2

I have a generated a certificate, but I would like to be able to extract the information from the certificate, as for example the country, the validity, the public key and so on. I have to compare this information retrived from the certificate with some other that I have stored in my C programe.

I know that if I use a function like this it will print me the certificate information:

void print_certificate(const char* cert)
{
    X509 *x509 = NULL;
    BIO *i = BIO_new(BIO_s_file());
    BIO *o = BIO_new_fp(stdout,BIO_NOCLOSE);

    if((BIO_read_filename(i, cert) <= 0) ||
       ((x509 = PEM_read_bio_X509_AUX(i, NULL, NULL, NULL)) == NULL)) {
           printf("Bad certificate, unable to read\n");
    }

    X509_print_ex(o, x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);   

    if(x509)
        X509_free(x509);
}

But what I want is only some parts of that information. how can it be done?

Thanks

jww
  • 97,681
  • 90
  • 411
  • 885
mmm
  • 689
  • 2
  • 12
  • 25

2 Answers2

4

try grep _get_ /usr/include/openssl/x509.h

here are some things you may find useful:

EVP_PKEY *  X509_get_pubkey(X509 *x);
#define     X509_CRL_get_issuer(x) ((x)->crl->issuer)
#define     X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
#define     X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)

Also check the source code for t_x509.c which contains X509_print_ex. This will probably be most useful.

Sergey L.
  • 21,822
  • 5
  • 49
  • 75
  • EVP_PKEY * X509_get_pubkey(X509 *x); from this EVP_PKEY how to you turn it into a EC_KEY so that I can verify a signature in my case. Thanks a lot for the quick answer. – mmm Apr 03 '13 at 17:34
  • 2
    problem solved used: EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); Thanks:) – mmm Apr 03 '13 at 17:45
2

See x509.h of OpenSSL (example here). You will find plenty of useful functions. Example:

#define     X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
/* #define  X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
#define     X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
#define     X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
#define     X509_extract_key(x) X509_get_pubkey(x) /*****/
#define     X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
#define     X509_REQ_get_subject_name(x) ((x)->req_info->subject)
#define     X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
#define     X509_name_cmp(a,b)  X509_NAME_cmp((a),(b))
#define     X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))

#define     X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
#define     X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
#define     X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
#define     X509_CRL_get_issuer(x) ((x)->crl->issuer)
#define     X509_CRL_get_REVOKED(x) ((x)->crl->revoked)

/* This one is only used so that a binary form can output, as in
 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
#define     X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
doptimusprime
  • 9,115
  • 6
  • 52
  • 90
  • Hello, Thanks for the answer, I'm trying to get the public key into EC_KEY Format so that I can verify the signature of a message. The following commands return me a EVP_PKEY, but how to I convert this to EC_KEY? EVP_PKEY *pk = EVP_PKEY_new(); pk = X509_get_pubkey(certificate); I found this but I think this does the oposite, it puts a EC_KEY into and EVP_PKEY. EC_KEY* publickey EVP_PKEY_assign_EC_KEY(pk, publickey); – mmm Apr 03 '13 at 17:32