Hi,

I need to use the authority key identifier extension.
When I am using X509V3_EXT_print(), akid is printed correctly.
But I have to get the AUTHORITY_KEYID structure.
I do it this way:

    class cCert
    {
        X509 * x509cert;
        bool getAuthorityKeyID(int &, AUTHORITY_KEYID *);
        // other members of cCert
    };

    bool cCert::getAuthorityKeyID(int & crit, AUTHORITY_KEYID * akid)
    {
        akid = NULL;
        akid = reinterpret_cast<AUTHORITY_KEYID*>
            (X509_get_ext_d2i(x509cert, NID_authority_key_identifier, &crit, NULL));
        if (akid)
            return true;
        return false;
    }

If this function returns true, I assume that akid points to a valid AUTHORITY_KEYID.
So I try to use it:

    AUTHORITY_KEYID * auth_keyid;
    int crit;
    if (cert.getAuthorityKeyID(crit, auth_keyid))
    {
        if (auth_keyid != NULL)
        {
            printf("auth_keyid is not NULL\n"); // test information
            if (auth_keyid->keyid)
            {
                printf("keyid is present\n");
                // do something in this case
            }
            else
            {
                printf("keyid is not present");
                // do something in this case
            }
        }
        else
            printf("auth_keyid is NULL\n");
    }

When I run my application I get:

    auth_keyid is not NULL
    Segmentation fault

Why does auth_keyid->keyid cause a segmentation fault?
X509V3_EXT_print() is called from another member function of cCert and extracts this extension and prints keyid correctly.
So why doesn't X509_get_ext_d2i() work?
How can I do this without errors?

Thanks,
Daniel

(Feel free to correct my English)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                               [hidden email]
Automated List Manager                                  [hidden email]

Hello,

You have to instantiate the pointer variable named akid.

For more information on how to use the i2d_*(), d2i_*() functions, please consult the FAQ, question
3. How do I read or write a DER encoded buffer using the ASN1 functions?

[hidden email] wrote:

>Hi,
>
>I need to use the authority key identifier extension.
>When I am using X509V3_EXT_print(), akid is printed correctly.
>But I have to get the AUTHORITY_KEYID structure.
>I do it this way:
>
>    class cCert
>    {
>        X509 * x509cert;
>        bool getAuthorityKeyID(int &, AUTHORITY_KEYID *);
>        // other members of cCert
>    };
>
>    bool cCert::getAuthorityKeyID(int & crit, AUTHORITY_KEYID * akid)
>    {
>        akid = NULL;
>        akid = reinterpret_cast<AUTHORITY_KEYID*>
>            (X509_get_ext_d2i(x509cert, NID_authority_key_identifier, &crit, NULL));
>        if (akid)
>            return true;
>        return false;
>    }
>
>If this function returns true, I assume that akid points to a valid AUTHORITY_KEYID.
>So I try to use it:
>
>    AUTHORITY_KEYID * auth_keyid;
>    int crit;
>    if (cert.getAuthorityKeyID(crit, auth_keyid))
>    {
>        if (auth_keyid != NULL)
>        {
>            printf("auth_keyid is not NULL\n"); // test information
>            if (auth_keyid->keyid)
>            {
>                printf("keyid is present\n");
>                // do something in this case
>            }
>            else
>            {
>                printf("keyid is not present");
>                // do something in this case
>            }
>        }
>        else
>            printf("auth_keyid is NULL\n");
>    }
>
>When I run my application I get:
>
>    auth_keyid is not NULL
>    Segmentation fault
>
>Why does auth_keyid->keyid cause a segmentation fault?
>X509V3_EXT_print() is called from another member function of cCert
>and extracts this extension and prints keyid correctly.
>So why doesn't X509_get_ext_d2i() work?
>How can I do this without errors?
>
>Thanks,
>Daniel
>
>(Feel free to correct my English)

--
/**************************/
/** Ivan Fraixedes Cugat **/
/** Computer science ******/
/** DMAG (UPF) ************/
/** (SPAIN-BARCELONA)******/
/**************************/

In reply to this post by soukyan
> Hello,
>
> You have to instantiate the pointer variable named akid.
>
> For more information on how to use the i2d_*(), d2i_*() functions,
> please consult the FAQ, question
> 3. How do I read or write a DER encoded buffer using the ASN1
> functions?

How do I do it?
d2i_*() require (char**)data and (int)length, but I have only

    AUTHORITY_KEYID * akid;

and

    X509 * x509cert;

X509V3_EXT_print() works fine, so OpenSSL can extract this extension.

I managed with AUTHORITY_KEYID in another way and now it works fine for me.

Now I have problems with CERTIFICATEPOLICIES.
I have to extract all policies in a certificate.
I do it in a similar way:

    certPols = (CERTIFICATEPOLICIES*)X509_get_ext_d2i(x509cert, NID_certificate_policies, &crit, NULL);

and still have the same problem, that is, a segmentation fault.
And the function sk_POLICYINFO_num(certPols) returns -1.
When I try something like this

    char *temp = (char*)certPols;
    char ch = temp[0];
    char ch2 = temp[1];

a segmentation fault occurs again.

How do I correctly extract all policies?

I'm using Beta 4 of OpenSSL 0.9.8, compiled by myself because I need to use some extensions which are new in 0.9.8 (policyMappings, nameConstraints and inhibitAnyPolicy).
I compiled it this way:

    ./config
    make
    make install

Should I do something more?

Thanks,
Daniel

(Feel free to correct my English)

In reply to this post by soukyan
Hi

I have solved my problem.
The mistake was in this line:

> bool cCert::getAuthorityKeyID(int & crit, AUTHORITY_KEYID * akid)

it should be:

    bool cCert::getAuthorityKeyID(int & crit, AUTHORITY_KEYID * & akid)

and it works fine now.

I have another question.
I have three structures:

    X509 * x509subject, * x509issuer;
    X509_CRL * x509crl;

x509subject and x509crl are issued and signed by x509issuer.
All pointers are allocated with d2i*().
How do I check whether the x509subject certificate has been revoked by the x509issuer CA and is listed in x509crl?
I also need to know the revocation reason.

Thanks,
Daniel

(feel free to correct my English)

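The fix reported in the last message, shown as an added example that is not part of the original thread: a pointer parameter passed by value never updates the caller's pointer, while a reference to the pointer (or a returned pointer) does. AkidModel and get_ext_model are hypothetical stand-ins for AUTHORITY_KEYID and X509_get_ext_d2i() so the block builds without OpenSSL; with the real call the caller owns the returned structure and releases it with AUTHORITY_KEYID_free().

```cpp
#include <cstdio>

// Hypothetical stand-in for OpenSSL's AUTHORITY_KEYID (one field only).
struct AkidModel { const char *keyid; };

// Hypothetical stand-in for X509_get_ext_d2i(): returns the decoded
// extension or nullptr, and sets crit to -1 when the extension is absent.
// (The real call allocates; the caller frees with AUTHORITY_KEYID_free().)
static AkidModel *get_ext_model(bool present, int &crit) {
    static AkidModel constructed = {"constructed-key-id"};
    crit = present ? 0 : -1;
    return present ? &constructed : nullptr;
}

// As first posted: akid is a copy of the caller's pointer, so the
// assignment never reaches the caller even though true is returned.
bool getByValue(bool present, int &crit, AkidModel *akid) {
    akid = get_ext_model(present, crit);
    return akid != nullptr;
}

// The fix from the thread: pass the pointer by reference.
bool getByReference(bool present, int &crit, AkidModel *&akid) {
    akid = get_ext_model(present, crit);
    return akid != nullptr;
}

// Alternative: return the pointer, leaving no out-parameter to get wrong.
AkidModel *getReturned(bool present, int &crit) {
    return get_ext_model(present, crit);
}

int main() {
    int crit = 0;
    // Initialised to nullptr here; in the post it was uninitialised, so the
    // "!= NULL" test passed on garbage and the dereference crashed.
    AkidModel *a = nullptr;
    bool ok = getByValue(true, crit, a);
    std::printf("by value:     ok=%d, caller pointer %s\n", ok, a ? "set" : "still null");

    AkidModel *b = nullptr;
    ok = getByReference(true, crit, b);
    std::printf("by reference: ok=%d, keyid=%s\n", ok, b ? b->keyid : "(none)");

    AkidModel *c = getReturned(false, crit);
    std::printf("absent:       pointer %s, crit=%d\n", c ? "set" : "null", crit);
    return 0;
}
```
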