Archive

Posts Tagged ‘X509’

Parse X509 certificate parsing with an example


If you have a .der or raw binary format of X509 certificate Here is the basic template for loading the certificate.

#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/bio.h>

const unsigned char *data = ... ;
size_t len = ... ;

X509 *cert = d2i_X509(NULL, &data, len);
if (!cert) {
fprintf(stderr, "unable to parse certificate in memory\n");
return EXIT_FAILURE;
}

// any additional processing would go here..

X509_free(cert);

To iterate through all the values in X509 certificate subject the following snippet of code is very useful.


X509_NAME *subj = X509_get_subject_name(cert);

for (int i = 0; i < X509_NAME_entry_count(subj); i++) {
X509_NAME_ENTRY *e = X509_NAME_get_entry(subj, i);
ASN1_STRING *d = X509_NAME_ENTRY_get_data(e);
char *str = ASN1_STRING_data(d);
}

References:
https://zakird.com/2013/10/13/certificate-parsing-with-openssl/

http://www.umich.edu/~x509/ssleay/x509_name.html

http://www.gnutls.org/manual/gnutls.html#X509-certificate-API

X509 certificate parsing useful Links


Here are some of the very useful links available online for parsing X509 certificates in C language. The following links will be handy if you are working on a tight schedule project and don’t have enough time to read the official documentation https://www.openssl.org/docs.

https://zakird.com/2013/10/13/certificate-parsing-with-openssl/

http://www.umich.edu/~x509/ssleay/x509_name.html

http://www.gnutls.org/manual/gnutls.html#X509-certificate-API

Official X509 docs.

https://www.openssl.org/docs/crypto/d2i_X509.html