[xmlsec] Help with x509 Serial

Chris McQueen chris at dctransform.com
Tue Oct 3 22:01:10 PDT 2006


Excellent, thank you. I investigated templates.h and that puts me closer,
but I still get empty blocks for serial. I apologize again, I am quite
a newbie at C programming.

From the code of the x509 example on the site
http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-x509.html

I add the following lines:
-------------------------------
    /* add other x509Data */
    xmlSecTmplX509DataAddIssuerSerial(keyInfoNode);
    xmlSecTmplX509DataAddSubjectName(keyInfoNode);
    xmlSecTmplX509DataAddSKI(keyInfoNode);
    xmlSecTmplX509DataAddCertificate(keyInfoNode);
    xmlSecTmplX509DataAddCRL(keyInfoNode);

just after:
-------------------------------
    if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
        fprintf(stderr, "Error: failed to add X509Data node\n");
        goto done;
    }

And get the following result:
-------------------------------
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
<X509IssuerSerial/>
<X509SubjectName/>
<X509SKI/>
<X509Certificate/>
<X509CRL/>
</KeyInfo>

I would expect at the least, the certificate block to be written out 
again?  Perhaps I am using these functions entirely wrong?

Here is text dump of the test cert if it helps:
------------------------------------------------------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 428195690 (0x1985bf6a)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Mississippi, L=Ridgeland, O=Transform, OU=Development, CN=www.dctransform.com/emailAddress=support at dctransform.com
        Validity
            Not Before: Oct  4 04:12:40 2006 GMT
            Not After : Feb 19 04:12:40 2034 GMT
        Subject: C=US, ST=Mississippi, L=Ridgeland, O=Transform, OU=Development, CN=www.dctransform.com/emailAddress=support at dctransform.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:81:C5:FC:47:BB:C0:CB:F1:E5:4F:D1:FA:99:0F:B2:8D:D9:22:D4
            X509v3 Authority Key Identifier:
                keyid:B4:81:C5:FC:47:BB:C0:CB:F1:E5:4F:D1:FA:99:0F:B2:8D:D9:22:D4
                DirName:/C=US/ST=Mississippi/L=Ridgeland/O=Transform/OU=Development/CN=www.dctransform.com/emailAddress=support at dctransform.com
                serial:19:85:BF:6A

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption



Aleksey Sanin wrote:
> OK, seems like the automatic API documentation updates
> are broken... There are a few more functions in templates.h
> file. Search TmplX509Data there and you'll see them all.
>
> Aleksey
>
>
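
In the output above, the five extra elements sit directly under <KeyInfo> instead of inside <X509Data>, where the XML-DSig schema defines them; the xmlSecTmplX509DataAdd* functions in templates.h take the X509Data node that xmlSecTmplKeyInfoAddX509Data returns, not the KeyInfo node. The check below is an added example, not part of the original post or of xmlsec, written with the Python standard library so it runs without xmlsec installed. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Children that the XML-DSig schema defines for X509Data (X509DataType).
X509DATA_CHILDREN = {"X509IssuerSerial", "X509SubjectName", "X509SKI",
                     "X509Certificate", "X509CRL"}

# Constructed sample mirroring the layout of the output in the post.
BROKEN = """<KeyInfo>
<X509Data><X509Certificate>MIIB-constructed</X509Certificate></X509Data>
<X509IssuerSerial/><X509SubjectName/><X509SKI/><X509Certificate/><X509CRL/>
</KeyInfo>"""

# Constructed sample of the intended layout (serial number taken from the post).
FIXED = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyInfo>
<X509Data>
<X509IssuerSerial><X509IssuerName>CN=www.dctransform.com</X509IssuerName>
<X509SerialNumber>428195690</X509SerialNumber></X509IssuerSerial>
<X509Certificate>MIIB-constructed</X509Certificate>
</X509Data></KeyInfo></Signature>"""


def local(tag):
    """Strip a '{namespace}' prefix so plain and namespaced input both work."""
    return tag.rsplit("}", 1)[-1]


def check_keyinfo(xml_text):
    """Return findings for each KeyInfo in signed output from your own signer."""
    findings = []
    root = ET.fromstring(xml_text)
    for keyinfo in (e for e in root.iter() if local(e.tag) == "KeyInfo"):
        for child in keyinfo:
            name = local(child.tag)
            if name in X509DATA_CHILDREN:
                # Appended to KeyInfo itself, as in the post: stays empty.
                findings.append(f"misplaced: {name} is a child of KeyInfo")
            elif name == "X509Data":
                for item in child:
                    empty = not (item.text or "").strip() and len(item) == 0
                    if local(item.tag) in X509DATA_CHILDREN and empty:
                        findings.append(f"empty: X509Data/{local(item.tag)}")
    return findings


if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_keyinfo(doc) or "ok")
```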


