[xmlsec] Loading a DER-encoded certificate

Jesse Pelton jsp@PKC.com
Mon, 7 Apr 2003 11:45:24 -0400


Shucks. It seemed like such a good fit. What's xmlSecKeyReadBinaryFile()
intended for? Is it specific to DES keys?

Before I clone a bunch of code, would xmlSecKeyDataBinRead() (which requires
me to read the file off disk myself) be a better fit?

Maybe I'm completely wrong-headed about this.  What I want to do is verfiy
signatures using public keys from certificates.  I also want to be able to
inspect certificate contents (issuer, serial number, etc).  I think this
means that I need to load the keys into a keys manager (and give them names
so they can be located by the signature code).  Is there a better approach?

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey@aleksey.com]
Sent: Monday, April 07, 2003 11:28 AM
To: Jesse Pelton
Cc: 'xmlsec@aleksey.com'
Subject: Re: [xmlsec] Loading a DER-encoded certificate


Using xmlSecKeyReadBinaryFile() function for reading certificates is 
probably a wrong way.
Please check xmlSecOpenSSLAppKeyPemCertLoad() and 
xmlSecOpenSSLAppPemCertLoad()
functions. In the last function you need to replace call to 
PEM_read_X509_AUX() with
a call to read der certificate from file. For example, you can use BIO 
call d2i_X509_bio()
(you need to create a read file BIO first).

Aleksey


Jesse Pelton wrote:

>I'm attempting to use xmlSecKeyReadBinaryFile() in XMLSec 0.1.1 to read a
>DER-encoded certificate file. As previously mentioned, it's necessary to
>modify the fopen() call to open the file in binary mode. Once I've done
>that, the file loads into memory successfully, and we call down to
>xmlSecOpenSSLKeyDataRawX509CertBinRead(). This sets up a key info context
>specifying a NULL keys manager, then calls
>xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(), which promptly fails because
>of the absence of a keys manager.
>
>Is there some way to get xmlSecKeyReadBinaryFile() to load a certificate
>file successfully?  If not, is there an alternative?
>_______________________________________________
>xmlsec mailing list
>xmlsec@aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>  
>