[xmlsec] Loading a DER-encoded certificate
Jesse Pelton
jsp at PKC.com
Mon Apr 7 08:45:24 PDT 2003
Shucks. It seemed like such a good fit. What's xmlSecKeyReadBinaryFile()
intended for? Is it specific to DES keys?
Before I clone a bunch of code, would xmlSecKeyDataBinRead() (which requires
me to read the file off disk myself) be a better fit?
Maybe I'm completely wrong-headed about this. What I want to do is verify
signatures using public keys from certificates. I also want to be able to
inspect certificate contents (issuer, serial number, etc). I think this
means that I need to load the keys into a keys manager (and give them names
so they can be located by the signature code). Is there a better approach?
-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com]
Sent: Monday, April 07, 2003 11:28 AM
To: Jesse Pelton
Cc: 'xmlsec at aleksey.com'
Subject: Re: [xmlsec] Loading a DER-encoded certificate
Using the xmlSecKeyReadBinaryFile() function for reading certificates is
probably the wrong way.
Please check the xmlSecOpenSSLAppKeyPemCertLoad() and
xmlSecOpenSSLAppPemCertLoad() functions. In the last function you need to
replace the call to PEM_read_X509_AUX() with a call to read a DER
certificate from a file. For example, you can use the BIO call
d2i_X509_bio() (you need to create a read file BIO first).
Aleksey
Jesse Pelton wrote:
>I'm attempting to use xmlSecKeyReadBinaryFile() in XMLSec 0.1.1 to read a
>DER-encoded certificate file. As previously mentioned, it's necessary to
>modify the fopen() call to open the file in binary mode. Once I've done
>that, the file loads into memory successfully, and we call down to
>xmlSecOpenSSLKeyDataRawX509CertBinRead(). This sets up a key info context
>specifying a NULL keys manager, then calls
>xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(), which promptly fails because
>of the absence of a keys manager.
>
>Is there some way to get xmlSecKeyReadBinaryFile() to load a certificate
>file successfully? If not, is there an alternative?
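
An added example, not part of the original thread and not xmlsec or OpenSSL code: a pre-check that tells a PEM certificate from a DER one and confirms the DER outer SEQUENCE length matches the bytes actually read, so a file damaged by a text-mode fopen() is rejected before any loader runs. The names cert_enc, cert_sniff_encoding and cert_sniff_file are hypothetical, and the 16 KB buffer is an assumed upper bound for a single certificate.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum cert_enc { CERT_ENC_UNKNOWN = 0, CERT_ENC_PEM, CERT_ENC_DER };

/* A DER certificate is one ASN.1 SEQUENCE (tag 0x30) whose encoded length
 * accounts for every remaining byte. A file read in text mode on Windows
 * usually fails this check: CR/LF translation or an early EOF on a 0x1A
 * byte changes the byte count. */
enum cert_enc cert_sniff_encoding(const unsigned char *buf, size_t len)
{
    static const char pem_hdr[] = "-----BEGIN ";
    size_t hdr_len = sizeof(pem_hdr) - 1, body = 0, nlen, i;

    if (buf == NULL || len < 2)
        return CERT_ENC_UNKNOWN;
    if (len >= hdr_len && memcmp(buf, pem_hdr, hdr_len) == 0)
        return CERT_ENC_PEM;            /* caller uses a PEM loader */
    if (buf[0] != 0x30)
        return CERT_ENC_UNKNOWN;
    if (buf[1] < 0x80)                  /* short-form length */
        return (size_t)buf[1] + 2 == len ? CERT_ENC_DER : CERT_ENC_UNKNOWN;
    nlen = buf[1] & 0x7f;               /* long form: number of length bytes */
    if (nlen == 0 || nlen > sizeof(size_t) || len < 2 + nlen)
        return CERT_ENC_UNKNOWN;        /* 0x80 (indefinite) is not DER */
    for (i = 0; i < nlen; i++)
        body = (body << 8) | buf[2 + i];
    /* caller uses a DER loader such as d2i_X509_bio() on a match */
    return body == len - 2 - nlen ? CERT_ENC_DER : CERT_ENC_UNKNOWN;
}

/* Read the file in binary mode ("rb") and classify it. Files larger than
 * the buffer come back as UNKNOWN because the length check cannot match. */
enum cert_enc cert_sniff_file(const char *path)
{
    unsigned char buf[16384];
    size_t n;
    FILE *f = fopen(path, "rb");

    if (f == NULL)
        return CERT_ENC_UNKNOWN;
    n = fread(buf, 1, sizeof(buf), f);
    fclose(f);
    return cert_sniff_encoding(buf, n);
}
```

The check only looks at the outer header; a buffer that passes still has to be parsed and verified by the real certificate loader.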