000025264 - Convert a certificate in SSL-C in an X509 data structure to a CERT_OBJ in Cert-C

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000025264
Issue: Convert a certificate in SSL-C in an X509 data structure to a CERT_OBJ in Cert-C
Resolution: Perform the following steps to convert the X509 to BER-encoded binary, which can then be used to populate a CERT_OBJ.

You will need access to the internal SSL-C routine that BER-encodes the data in an X509. Add the following function prototype to your code so that the compiler can resolve the call into the SSL-C library. Note that the output argument is an unsigned char **, so the buffers you pass to it must be declared as unsigned char * as well:

 int i2d_X509 (X509 *a, unsigned char **pp);

Assume that we have an (X509 *), sslcCert. Call i2d_X509() with a NULL buffer pointer to get the length of the buffer needed to store the BER-encoded certificate; a negative return value indicates that the certificate could not be encoded:

 int certBerLen;

 certBerLen = i2d_X509 (sslcCert, NULL);
 if (certBerLen <= 0)
   return -1;  /* or whatever: i2d_X509() returns a negative value on error */

Then allocate a buffer to hold the BER-encoded data:

 unsigned char *buffer;  /* must match the unsigned char ** parameter of i2d_X509() */

 buffer = malloc (certBerLen);
 if (buffer == NULL)
   return BE_ALLOC;  /* or whatever... */

As mentioned earlier, i2d_X509() is an internal SSL-C routine that other SSL-C encoders call. Routines of this kind follow one convention: on return they have advanced *pp so that it points just past the last byte written, that is, at the "end" of the encoded data. (This lets a caller encode several items back to back into one buffer, for example when assembling a PKCS #7 SignedData message; each call leaves the pointer positioned for the next write.) Consequently, after the call the pointer you passed in no longer points at the start of the buffer, so you must remember the start yourself. That is what certBer is for:

 unsigned char *certBer;

 certBer = buffer;  /* keep the start; i2d_X509() will advance buffer */

 if (i2d_X509 (sslcCert, &buffer) != certBerLen)
   goto CLEANUP;    /* length written does not match the length reported */

Now you have enough information to populate a CERT_OBJ using the Cert-C APIs. Pass certBer (the start of the buffer), not buffer, which now points past the end of the encoded data:

 int status;
 CERT_OBJ certObj = NULL;

 status = C_CreateCertObject (&certObj);
 if (status != 0)
   goto CLEANUP;

 status = C_SetCertBER (certObj, certBer, certBerLen);
 if (status != 0)
   goto CLEANUP;

 /* ... use certObj; release it with the Cert-C destroy call (C_DestroyCertObject) when finished ... */

CLEANUP:
 free (certBer);  /* free the start of the buffer; buffer itself was advanced by i2d_X509() */
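The whole procedure above, as an added, self-contained C example that is not part of the RSA article and does not require SSL-C or Cert-C to be installed. The X509 type and the i2d_X509() function here are hypothetical stand-ins that only reproduce the calling convention the article describes (NULL pointer returns the length; otherwise the encoding is written and the pointer advanced). The x509_to_ber() wrapper, the check_sample()/check_bad_cert() helpers and the constructed sample_der bytes are this example's own, not SSL-C or Cert-C names; the wrapper is where the pitfalls live: the two-pass length/encode call, remembering the buffer start, and verifying that the second call wrote exactly the length the first call reported.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for SSL-C's X509: it just wraps a constructed
 * DER blob so the example runs without the SSL-C library. */
typedef struct {
    const unsigned char *der;
    int der_len;
} X509;

/* Stand-in for SSL-C's internal i2d_X509(), reproducing its calling
 * convention only: pp == NULL returns the required length; otherwise
 * the encoding is written at *pp and *pp is advanced past the last byte.
 * A negative return value means the object could not be encoded. */
int i2d_X509(X509 *a, unsigned char **pp)
{
    if (a == NULL || a->der == NULL || a->der_len <= 0)
        return -1;
    if (pp == NULL)
        return a->der_len;               /* pass 1: size only */
    if (*pp == NULL)
        return -1;                       /* this stand-in does not allocate */
    memcpy(*pp, a->der, (size_t)a->der_len);
    *pp += a->der_len;                   /* pointer now at the "end" */
    return a->der_len;
}

/* Convert an X509 to a freshly malloc'd BER buffer. On success returns
 * the length and stores the buffer START (not the advanced pointer) in
 * *out; the caller owns *out and must free() it. Returns -1 on error
 * with *out set to NULL. */
int x509_to_ber(X509 *cert, unsigned char **out)
{
    unsigned char *buffer, *cursor;
    int len, written;

    *out = NULL;
    len = i2d_X509(cert, NULL);          /* how many bytes do we need? */
    if (len <= 0)
        return -1;
    buffer = malloc((size_t)len);
    if (buffer == NULL)
        return -1;
    cursor = buffer;                     /* i2d_X509() will advance cursor */
    written = i2d_X509(cert, &cursor);
    if (written != len || cursor != buffer + len) {
        free(buffer);                    /* encoder disagreed with its own size */
        return -1;
    }
    *out = buffer;                       /* hand back the start, never cursor */
    return len;
}

/* Constructed input: a minimal DER SEQUENCE { INTEGER 2 } standing in
 * for a certificate body (not a real certificate). */
static const unsigned char sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x02 };

/* Encode the sample and verify the bytes; returns the length on success
 * or -1 if anything about the round trip is wrong. */
int check_sample(void)
{
    X509 cert = { sample_der, (int)sizeof sample_der };
    unsigned char *ber = NULL;
    int len = x509_to_ber(&cert, &ber);
    int ok = (len == (int)sizeof sample_der && ber != NULL &&
              memcmp(ber, sample_der, (size_t)len) == 0);
    free(ber);
    return ok ? len : -1;
}

/* Error path: an empty X509 must fail cleanly and leave *out NULL so the
 * caller cannot free() or pass on a stale pointer. Returns 1 if so. */
int check_bad_cert(void)
{
    X509 empty = { NULL, 0 };
    unsigned char *ber = (unsigned char *)&empty;  /* deliberate junk */
    int len = x509_to_ber(&empty, &ber);
    return (len == -1 && ber == NULL) ? 1 : 0;
}

int main(void)
{
    int len = check_sample();
    if (len < 0 || !check_bad_cert()) {
        fprintf(stderr, "x509_to_ber() misbehaved\n");
        return 1;
    }
    printf("encoded %d BER bytes; error path handled\n", len);
    return 0;
}
```

With the real libraries, the pointer returned in *out is what you pass to C_SetCertBER() together with the returned length; the cursor that i2d_X509() advanced is never handed to Cert-C or to free().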
Legacy Article ID: a3218