问题
I'm creating self-signed certificate by:
openssl req -new -x509 -key privkey.pem -out cert.pem -days 1095
How do I pass cert.pem to i2d_X509? I need something like:
len = i2d_X509(".\cert.pem", &buf);
but my certificate in a PEM file..
Here is my code: (I used the example in https://www.openssl.org/docs/crypto/d2i_X509.html)
#include <openssl/x509.h>
#include <stdio.h>
int main(void)
{
int len,i;
unsigned char *buf;
buf = NULL;
len = i2d_X509((X509*)".\cert.pem", &buf);
if (len < 0){
printf("error len < 0");
return -1;
}
printf("buf:");
for (i = 0; i < len ; i++)
printf("0x%02X", *(buf+i));
return 0;
}
回答1:
How do I pass cert.pem to i2d_X509? ...
You don't/can't. You need to read the certificate with PEM_read_bio_X509. PEM_read_bio_X509 returns an X509*. Then you can pass it to i2d_X509.
Be sure to call X509_free on the pointer when done with it.
Or, do as Philippe suggests - convert it to ASN.1/DER and then use it with d2i_X509_fp.
Also see the OpenSSL man pages on the PEM Read/Write functions.
来源:https://stackoverflow.com/questions/29970497/how-to-pass-pem-certificate-as-first-arg-of-i2d-x509