Ok, I found the error: I mixed up data types :-(

Thanks anyway!

Carolin Latze wrote:
> Dr. Stephen Henson wrote:
>
>> On Tue, Apr 29, 2008, Carolin Latze wrote:
>>
>>
>>
>>> Hello everybody,
>>>
>>> I know, that might be an easy question, but I really didn't find an
>>> answer till now...
>>>
>>> I have a certificate in TLS (X.509) with an ASN.1 Bit String extension.
>>> How do I read it out? Till now I did the following:
>>>
>>> X509_EXTENSION *ext;
>>> ext=X509_get_ext(cert,i);
>>> os=X509_EXTENSION_get_data(ext);
>>> extstr=ASN1_STRING_data(os);
>>>
>>> But extstr is not exactly what it should be. It should be a bit string
>>> of 20 bytes. extstr contains 20 bytes, but the first 4 bytes are always
>>> "1614" and the last four bytes are missing.... Any ideas? (I am sure, I
>>> am simply using the wrong functions, but everything I tried gave the
>>> same result)
>>>
>>>
>>>

>> You also need to retrieve the length of os using ASN1_STRING_length(os).
>>
>> What you then have is the encoding of the BIT STRING and not the content. If
>> you want the content you have to call d2i_ASN1_BITSTRING() on the encoding,
>> see docs and FAQ for examples of using the d2i_*() functions.
>>
>>
>>

> First of all: thanks for the answer. That helped a lot. I think, I know
> what to do: First of all, I read out the encoded data using
> ASN1_STRING_data, then the length using ASN1_STRING_length. Finally I
> fill in the content using d2i_ASN1_BIT_STRING. I realized it as follows:
>
> X509_EXTENSION *ext;
> unsigned char *sstring;
> const unsigned char *extstr;
> ASN1_OCTET_STRING *os;
> long len;
>
> ext=X509_get_ext(cert,i);
>
> os=X509_EXTENSION_get_data(ext);
> extstr=ASN1_STRING_data(os);
> len=ASN1_STRING_length(os);
> os=d2i_ASN1_BIT_STRING(&os,&extstr,len);
> if(os==NULL) int_error("d2i_ASN1_BIT_STRING returned NULL\n");
> else fprintf(stdout,"d2i_ASN1_BIT_STRING succeeded\n");
> sstring=(unsigned char*)malloc((size_t)os->length + 1);
> memcpy(sstring,os->data,(size_t)os->length);
> sstring[os->length]='\0'; /* terminator at index length, inside the length+1 buffer */
>
>
> The problem is that d2i_ASN1_BIT_STRING always returns:
>
> 3797:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:1294:
> 3797:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
> asn1 error:tasn_dec.c:830:
>
> And I don't really have an idea about what goes wrong here. I tried to
> google around but did not find a satisfactory answer. My question is: Is
> there still something missing or wrong in this code or might it be
> possible that I did something wrong in the assignment of the extension
> when creating the certificate?
>
> (I assigned the extensions like this:
> ext=X509V3_EXT_conf_nid(NULL,&ctx,nid,ext_entries[i].value);
> X509_add_ext(x509,ext,-1);)
>
> Regards
> Carolin
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>


--
Carolin Latze
Research Assistant

Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg

phone: +41 26 300 83 30
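
An added example, not code from this thread or from OpenSSL: a hand-written DER check showing what decoding a BIT STRING extension value involves (tag 0x03, length, unused-bits octet, then content) and why a value with a different tag is rejected as "wrong tag". The sample bytes are constructed, and the IA5String sample rests on an assumption: that the "1614" reported above is a hex dump of the first two octets, where 0x16 is the IA5String tag and 0x14 a length of 20.

```c
#include <stddef.h>
#include <stdio.h>

#define TAG_BIT_STRING 0x03 /* universal tag 3 */

/* Constructed sample extension values (not taken from a real certificate). */
static const unsigned char SAMPLE_BITSTR[] = { 0x03, 0x15, 0x00, /* tag, len 21, 0 unused bits */
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20 };
static const unsigned char SAMPLE_IA5[] = { 0x16, 0x14,          /* IA5String tag, len 20 */
    'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t' };

/* Parse one DER tag/length header; returns its size, or 0 if malformed.
 * Handles single-byte tags and definite lengths of up to 4 length octets. */
static size_t der_header(const unsigned char *p, size_t n,
                         unsigned char *tag, size_t *len)
{
    size_t i, k;
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;   /* multi-byte tag: not handled */
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return (*len <= n - 2) ? 2 : 0; }
    k = p[1] & 0x7f;
    if (k == 0 || k > 4 || n < 2 + k) return 0;     /* indefinite or oversized length */
    for (*len = 0, i = 0; i < k; i++) *len = (*len << 8) | p[2 + i];
    return (*len <= n - 2 - k) ? 2 + k : 0;         /* content must fit in the buffer */
}

/* Locate the content of a DER-encoded BIT STRING inside enc[0..n).
 * Returns 0 on success, -1 on malformed input, -2 on a tag other than BIT STRING. */
int bit_string_content(const unsigned char *enc, size_t n,
                       const unsigned char **bits, size_t *nbytes, int *unused)
{
    unsigned char tag;
    size_t len, hl = der_header(enc, n, &tag, &len);
    if (hl == 0) return -1;
    if (tag != TAG_BIT_STRING) return -2;           /* the "wrong tag" case */
    if (len < 1 || enc[hl] > 7 || (len == 1 && enc[hl] != 0)) return -1;
    *unused = enc[hl];                              /* padding bits in the last octet */
    *bits = enc + hl + 1;
    *nbytes = len - 1;
    return 0;
}

int main(void)
{
    const unsigned char *bits; size_t nb; int unused;
    int rc = bit_string_content(SAMPLE_BITSTR, sizeof SAMPLE_BITSTR, &bits, &nb, &unused);
    printf("BIT STRING sample: rc=%d, %lu content bytes\n", rc, (unsigned long)nb);
    rc = bit_string_content(SAMPLE_IA5, sizeof SAMPLE_IA5, &bits, &nb, &unused);
    printf("IA5String sample:  rc=%d (wrong tag)\n", rc);
    return 0;
}
```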

