mace-opensaml-users - C API: trouble using der certificates with the signtest sample
Subject: OpenSAML user discussion
List archive
- From: "Cameron Morris" <>
- To: <>
- Subject: C API: trouble using der certificates with the signtest sample
- Date: Wed, 04 Feb 2004 17:09:33 -0700
I couldn't get certificates generated by OpenSSL to run with the
signtest sample. But I could get certificates generated by java's
keytool to work. I ran into this email of a workaround:
http://www.mail-archive.com//msg00113.html
Basically the xml wrapper around OpenSSL doesn't load correctly from
file. So if you load the certificate first with OpenSSL and then pass
it to the OpenSSLCryptoX509 wrapper class then it works fine.
Before:
...
auto_ptr<OpenSSLCryptoX509> x509(new
OpenSSLCryptoX509());
ifstream s(cert);
string buf;
char ch;
while ((ch=s.get())!=EOF)
buf+=ch;
x509->loadX509Base64Bin(buf.data(),buf.length());
...
After: (Note I changed it to read a PEM cert instead of a DER cert, but
DER is similar)
...
BIO *bio=BIO_new(BIO_s_file());
BIO_read_filename(bio,cert);
X509 *pcert=PEM_read_bio_X509(bio,NULL,NULL,NULL);
auto_ptr<OpenSSLCryptoX509> x509(new
OpenSSLCryptoX509(pcert));
...
I hope this helps someone,
Cameron
Cameron Morris
Novell, Inc., the leading provider of information solutions
http://www.novell.com
- C API: trouble using der certificates with the signtest sample, Cameron Morris, 02/04/2004
Archive powered by MHonArc 2.6.16.