0

I need to read an X509 certificate in C++. I couldn't find a way to do that with the GnuTLS library. The certificate has to be read in PEM or DER format, so that I can process it with functions of the GnuTLS library. Is there a pendant to the bio files provided in openssl, which allow me to read the certificate and convert it into a processable format?

jww
Maximilian
  • If you're willing to use a higher level library (that depends on OpenSSL), you may take a look at [sslpkix's unit tests](https://github.com/jweyrich/sslpkix/blob/master/test/test.cpp) to get an idea. It would be something like `FileSink sink; sink.open("foo.crt", "rb"); Certificate cert; cert.load(sink); std::cout << cert.subject().common_name() << std::endl;` - My fault for not having formal documentation yet, nor complete code coverage. - Use at your own discretion. Ultimately, you may query its inner guts to find how to put together a bunch of OpenSSL calls to achieve the same. – jweyrich May 15 '15 at 13:44
  • See [3.4 Input and Output](http://www.gnutls.org/manual/gnutls-guile/Input-and-Output.html) in the GnuTLS manual. Also, if you look at the GnuTLS source code, you will see it uses a `FILE*` and `fopen|fread` in its examples. You will probably have to avoid C++ `istreams` because you can't get to the `FILE*` or descriptor. Stack Overflow has a couple of questions on the C++/FILE*/Descriptor issue. – jww May 15 '15 at 18:05
  • @jww When I read the certificate with the fopen command, I get the following error while processing the FILE: `error: cannot convert ‘FILE* {aka _IO_FILE*}’ to ‘const gnutls_datum_t*’ for argument ‘2’ to ‘int gnutls_x509_crt_import(gnutls_x509_crt_t, const gnutls_datum_t*, gnutls_x509_crt_fmt_t)’` `ret = gnutls_x509_crt_import(c, fp, GNUTLS_X509_FMT_DER);` – Maximilian May 18 '15 at 08:36
  • @Maxi - please look at the GnuTLS sources. In particular, look at `.../src/serv.c` to see how GnuTLS does it in its sample code. You can find all the places it's used with `cd gnutls-3.4.1; grep -R gnutls_x509_crt_import * | grep src`. – jww May 18 '15 at 08:51

1 Answer

0

Actually it is important to generate a variable which contains a tuple of the certificate and the length of the certificate. The certificate can be read using fopen() and fread(). The tuple can be processed with gnutls_x509_crt_import(). That solves the problem for me.

Maximilian
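The approach described in the answer above, as an added example that is not part of the original post: the file is read with `fopen()`/`fread()` into a buffer, and the buffer pointer plus its length form the `gnutls_datum_t` that `gnutls_x509_crt_import()` takes. The helper names `read_file`, `looks_like_pem` and `import_cert`, the 1 MiB size limit and the `USE_GNUTLS` build switch are assumptions made for this sketch.

```cpp
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>
#ifdef USE_GNUTLS  // build with: g++ -DUSE_GNUTLS file.cpp -lgnutls
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#endif

// Hypothetical helper: read the whole file; reject empty or oversized input.
std::vector<unsigned char> read_file(const std::string& path, size_t max_bytes = 1 << 20) {
    FILE* fp = std::fopen(path.c_str(), "rb");  // binary mode keeps DER bytes intact
    if (!fp) throw std::runtime_error("cannot open " + path);
    std::vector<unsigned char> buf;
    unsigned char chunk[4096];
    size_t n;
    while ((n = std::fread(chunk, 1, sizeof chunk, fp)) > 0) {
        buf.insert(buf.end(), chunk, chunk + n);
        if (buf.size() > max_bytes) { std::fclose(fp); throw std::runtime_error("file too large"); }
    }
    const bool failed = std::ferror(fp) != 0;
    std::fclose(fp);
    if (failed || buf.empty()) throw std::runtime_error("read failed or empty file");
    return buf;
}

// Hypothetical helper: PEM is text with a BEGIN marker; anything else is treated as DER.
bool looks_like_pem(const std::vector<unsigned char>& buf) {
    static const char marker[] = "-----BEGIN ";
    const size_t m = sizeof marker - 1;
    for (size_t i = 0; i + m <= buf.size(); ++i)
        if (std::memcmp(&buf[i], marker, m) == 0) return true;
    return false;
}

#ifdef USE_GNUTLS
// Returns a GnuTLS error code (0 on success); on success the caller must deinit *crt.
int import_cert(const std::string& path, gnutls_x509_crt_t* crt) {
    std::vector<unsigned char> buf = read_file(path);
    gnutls_datum_t d = { buf.data(), static_cast<unsigned int>(buf.size()) };
    int ret = gnutls_x509_crt_init(crt);
    if (ret < 0) return ret;
    ret = gnutls_x509_crt_import(*crt, &d,
              looks_like_pem(buf) ? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
    if (ret < 0) gnutls_x509_crt_deinit(*crt);  // do not leak the handle on a parse failure
    return ret;
}
#endif
```

GnuTLS also provides `gnutls_load_file()`, which fills a `gnutls_datum_t` from a path directly; the buffer it returns is released with `gnutls_free()`.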