Skip to Content.
Sympa Menu

mace-opensaml-users - C API: trouble using der certificates with the signtest sample

Subject: OpenSAML user discussion

List archive

C API: trouble using der certificates with the signtest sample


Chronological Thread 
  • From: "Cameron Morris" <>
  • To: <>
  • Subject: C API: trouble using der certificates with the signtest sample
  • Date: Wed, 04 Feb 2004 17:09:33 -0700

I couldn't get certificates generated by OpenSSL to run with the
signtest sample. But I could get certificates generated by java's
keytool to work. I ran into this email of a workaround:
http://www.mail-archive.com//msg00113.html

Basically the xml wrapper around OpenSSL doesn't load correctly from
file. So if you load the certificate first with OpenSSL and then pass
it to the OpenSSLCryptoX509 wrapper class then it works fine.

Before:
...
auto_ptr<OpenSSLCryptoX509> x509(new
OpenSSLCryptoX509());
ifstream s(cert);
string buf;
char ch;
while ((ch=s.get())!=EOF)
buf+=ch;
x509->loadX509Base64Bin(buf.data(),buf.length());
...

After: (Note I changed it to read a PEM cert instead of a DER cert, but
DER is similar)
...
BIO *bio=BIO_new(BIO_s_file());
BIO_read_filename(bio,cert);
X509 *pcert=PEM_read_bio_X509(bio,NULL,NULL,NULL);
auto_ptr<OpenSSLCryptoX509> x509(new
OpenSSLCryptoX509(pcert));
...

I hope this helps someone,

Cameron





Cameron Morris
Novell, Inc., the leading provider of information solutions
http://www.novell.com




  • C API: trouble using der certificates with the signtest sample, Cameron Morris, 02/04/2004

Archive powered by MHonArc 2.6.16.

Top of Page