This is a discussion on Re: How to decode ASN.1 Bit String - Openssl ; Dr. Stephen Henson wrote: > On Tue, Apr 29, 2008, Carolin Latze wrote: > > >> Hello everybody, >> >> I know, that might be an easy question, but I really didn't find an >> answer till now... >> >> ...
Dr. Stephen Henson wrote:
> On Tue, Apr 29, 2008, Carolin Latze wrote:
>> Hello everybody,
>> I know, that might be an easy question, but I really didn't find an
>> answer till now...
>> I have a certificate in TLS (X.509) with an ASN1. Bit String extension.
>> How to I read it out? Till now I did the following:
>> X509_EXTENSION *ext;
>> But extstr is not exactly what it should be. It should be a bit string
>> of 20 bytes. extstr contains 20 bytes, but the first 4 bytes are always
>> "1614" and the last four bytes are missing.... Any ideas? (I am sure, I
>> am simply using the wrong functions, but everything I tried gave the
>> same result)
> You also need to retrieve the length of os using ASN1_STRING_length(os).
> What you then have is the encoding of the BIT STRING and not the content. If
> you want the content you have to call d2i_ASN1_BITSTRING() on the encoding,
> see docs and FAQ for examples of using the d2i_*() functions.
First of all: thanks for the answer. That helped a lot. I think, I know
what to do: First of all, I read out the encoded data using
ASN1_STRING_data, then the length using ASN1_STRING_length. Finally I
fill in the content using d2i_ASN1_BIT_STRING. I realized it as follows:
unsigned char *sstring;
const unsigned char *extstr;
char*)malloc((size_t)os->length + 1);
The problem is that d2i_ASN1_BIT_STRING always returns:
3797:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
3797:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
And I have not really an idea about what goes wrong here. I tried to
google around but did not find a satisfactory answer. My question is: Is
there still something missing or wrong in this code or might it be
possible that I did something wrong in the assignment of the extension
when creating the certificate?
(I assigned the extensions like this:
OpenSSL Project http://www.openssl.org
User Support Mailing List firstname.lastname@example.org
Automated List Manager email@example.com