Hi,

I have a small program (shown below) that reads a self-signed DER-encoded
certificate from the Linux filesystem; I want to keep it in DER format in
"buf". To do this, I use both "d2i_X509_bio" and "i2d_X509". Unfortunately,
I ran into some problems when I printed the contents of "buf":

1. the data in "buf" was 2 bytes shorter than the original certificate
2. it looks like both the "version" and the "serial number" contain 3 bytes
of data instead of 4 (the following 9-byte MD5withRSA algorithm identifier
looks OK, though). I also don't know what the first 10 bytes of data are.
3. Besides being 2 bytes shorter, several bytes changed their values for no
apparent reason
4. I used "openssl" with the -C option to read this certificate and saw the
same problem - 2 bytes short and some values changed (i.e., my test program
should be OK :-)

Does anyone recognise this strange behaviour, or have any suggestions? Thank
you very much.

This is the first 32-bytes of data from both original file & "buf"

---- original -----

30 82 02 a6 30 82 02 0f a0 06 02 04 00 00 00 02
02 04 00 00 00 01 30 0d 06 09 2a 86 48 86 f7 0d
01 01 04

---- in buf after d2i_X509_bio & i2d_X509 ----

30 82 02 a4 30 82 02 0d a0 05 02 03 00 00 02 02
03 00 00 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01
04

---- Part of my test program ----

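/*
 * Load one certificate from `file` (or from stdin when `file` is NULL) in the
 * requested input format, re-encode it as DER with i2d_X509() and print a
 * human-readable dump of it to stdout.
 *
 * err     BIO that receives diagnostics.
 * file    path of the certificate, or NULL to read stdin.
 * format  one of OPENSSL_FORMAT_ASN1, OPENSSL_FORMAT_PEM, OPENSSL_FORMAT_PKCS12.
 *
 * Returns the length in bytes of the DER re-encoding, or -1 on any failure.
 *
 * NOTE(review): i2d_X509() serialises the parsed X509 structure; it does not
 * replay the bytes that were read.  The hex dumps accompanying this listing
 * show the round-tripped output differing from the input file (shorter
 * version/serial INTEGERs, adjusted outer lengths).  Where a byte-exact copy
 * matters (fingerprints, or signature checks done over the stored bytes), keep
 * the raw file contents instead of relying on this round trip.
 */
static int
load_cert(BIO *err, char *file, int format)
{
    X509 *x = NULL;
    BIO *cert = NULL;   /* must start NULL: cleanup runs on exits taken before BIO_new() */
    BIO *STDout = NULL;
    int len = -1;
    unsigned char *buf = NULL, *p;

    if ((STDout = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) {
        ERR_print_errors(err);
        goto end;
    }

    if ((cert = BIO_new(BIO_s_file())) == NULL) {
        ERR_print_errors(err);
        goto end;
    }

    if (file == NULL) {
        BIO_set_fp(cert, stdin, BIO_NOCLOSE);
    } else if (BIO_read_filename(cert, file) <= 0) {
        BIO_printf(err, "Unable to read %s\n", file);
        goto end;
    }

    if (format == OPENSSL_FORMAT_ASN1) {
        x = d2i_X509_bio(cert, NULL);
    } else if (format == OPENSSL_FORMAT_PEM) {
        x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
    } else if (format == OPENSSL_FORMAT_PKCS12) {
        PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);

        /* Only parse a container that actually decoded. */
        if (p12 != NULL) {
            PKCS12_parse(p12, NULL, NULL, &x, NULL);
            PKCS12_free(p12);
        }
    } else {
        BIO_printf(err, "bad input format specified for input cert\n");
        goto end;
    }

end:
    if (x == NULL) {
        BIO_printf(err, "unable to load certificate\n");
        goto cleanup;
    }

    /* First pass with a NULL output pointer only measures the encoding. */
    len = i2d_X509(x, NULL);
    if (len <= 0) {
        ERR_print_errors(err);
        BIO_printf(err, "unable to do i2d_X509\n");
        len = -1;
        goto cleanup;
    }

    buf = malloc((size_t)len);
    if (buf == NULL) {
        BIO_printf(err, "unable to allocate memory\n");
        len = -1;       /* do not report the measured length as success */
        goto cleanup;
    }

    /*
     * i2d_X509() advances the pointer it is given past the bytes it wrote,
     * so hand it a scratch copy and keep `buf` pointing at the start.
     */
    p = buf;
    if ((len = i2d_X509(x, &p)) < 0) {
        ERR_print_errors(err);
        BIO_printf(err, "i2d_X509 failed\n");
        len = -1;
        goto cleanup;
    }

    printf("This is X509_print output: \n");
    X509_print(STDout, x);

cleanup:
    /*
     * `buf` is local and never handed to the caller, so it is released here
     * on every path; any inspection of its contents belongs above this label.
     */
    free(buf);
    BIO_free(STDout);
    BIO_free(cert);
    X509_free(x);
    return len;
}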
