On Tue, Nov 02, 2021 at 07:42:15PM +0000, Jason Schultz wrote:

> I thought I should start a new thread since this question was buried in my
> "FIPS" thread and I don't think it has anything to do with FIPS and OpenSSL
> providers. I'm hitting another problem that I think is related to the
> migration to OpenSSL 3.0, as this code works with OpenSSL 1.1.1 (and 1.0.2
> before it). When looking at the documentation pages for 1.1.1 vs 3.0, I'm not
> seeing any differences between the OpenSSL APIs I'm calling in the 2
> different release levels.
>
> Here is the sequence, I'm basically setting up my certificate and private
> key, both in PEM format, for the server, then I need to extract some
> information from them:
>
>     ctx = SSL_CTX_new_ex(non_fips_libctx, NULL, TLS_method());
>     SSL_CTX_use_PrivateKey_file(ctx,<keyfile>,SSL_FILETYPE_PEM);
>     SSL_CTX_use_certificate_file(ctx,<certfile>,SSL_FILETYPE_PEM);
>     SSL_CTX_check_private_key(ctx);
>     fp = fopen(<certfile>, "r");
>     mycert = PEM_read_X509(fp, NULL, 0, NULL);
>     pkey = X509_get_pubkey(mycert);

Without addressing the question of why you're unable to get the public key
handle from the certificate, why not just:

    pkey = SSL_CTX_get0_privatekey(ctx);

and skip reading the cert again?

--
    Viktor.