000026072 - Given an X509*, the user would like to get the DER encoded issuer name (as a whole, not the individual AVAs [Attribute Value Assertions]) and the serial number as the raw bytes.

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000026072
Applies To: RSA BSAFE SSL-C 2.0
Issue: Given an X509*, the user would like to get the DER encoded issuer name (as a whole, not the individual AVAs [Attribute Value Assertions]) and the serial number as the raw bytes.
Resolution: Because of the way the X509 and SSLCERT structures are designed, it is possible to type-cast an X509 structure to an SSLCERT structure in order to use functions that are normally accessible only with an SSLCERT structure. The following sample code assumes the customer begins with an X509 structure and ends up extracting the DER encoded Issuer Name:

int nameLen = 0;
unsigned char *buf = NULL;
SSLCERT *sslCert = NULL;
SSLCERT_NAME *sslCertName = NULL;
SSL *sslConnection = /* previously initialized SSL connection */;

/* This works because the SSL_get_peer_certificate() function is actually returning an SSLCERT structure, which is a void pointer */
sslCert = SSL_get_peer_certificate(sslConnection);

if (sslCert == NULL) {
    printf("* Error trying to get the peer certificate\n");
    exit(1);
}

sslCertName = SSLCERT_get_issuer_name(sslCert);

if (sslCertName == NULL) {
    printf("* Error trying to get the Issuer Name\n");
    exit(1);
}

/* Assign the pointer to buf as follows */
buf = (unsigned char *)malloc(2048);

if (buf == NULL) {
    printf("* Error allocating the Issuer Name buffer\n");
    exit(1);
}

nameLen = SSLCERT_NAME_to_binary(sslCertName, &buf);

/* At this point, buf points to the DER encoded Issuer Name and nameLen holds the length of the Issuer Name */
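A sanity check for the bytes produced above, as an added example that is not RSA's code and does not call SSL-C: before the issuer name is stored or compared, confirm that buf and nameLen describe exactly one DER Name, that is, one SEQUENCE whose definite length accounts for every byte and whose content is a run of RDN SETs. The function names `der_header` and `der_name_rdn_count` are hypothetical, and the sample bytes are constructed for illustration.

```c
#include <stddef.h>

/* Parse one DER tag+length header; returns header size, or 0 if malformed. */
static size_t der_header(const unsigned char *p, size_t n,
                         unsigned char tag, size_t *content_len)
{
    size_t i, nlen, len = 0;
    if (n < 2 || p[0] != tag)
        return 0;
    if (p[1] < 0x80) {                 /* short form */
        *content_len = p[1];
        return 2;
    }
    nlen = p[1] & 0x7F;                /* long form: count of length octets */
    if (nlen == 0 || nlen > sizeof(size_t) || n < 2 + nlen || p[2] == 0)
        return 0;                      /* indefinite or non-minimal: not DER */
    for (i = 0; i < nlen; i++)
        len = (len << 8) | p[2 + i];
    if (len < 0x80)
        return 0;                      /* should have used the short form */
    *content_len = len;
    return 2 + nlen;
}

/* Returns the number of RDNs, or -1 unless buf holds exactly one DER Name. */
int der_name_rdn_count(const unsigned char *buf, size_t len)
{
    size_t hdr, body, off, set_len;
    int count = 0;
    if (buf == NULL || (hdr = der_header(buf, len, 0x30, &body)) == 0)
        return -1;
    if (body != len - hdr)
        return -1;                     /* truncated or trailing bytes */
    for (off = hdr; off < len; off += hdr + set_len, count++) {
        hdr = der_header(buf + off, len - off, 0x31, &set_len);
        if (hdr == 0 || set_len == 0 || set_len > len - off - hdr)
            return -1;                 /* not a SET, empty, or overruns Name */
    }
    return count;
}

/* Constructed sample (not from the article): DER Name for C=US, CN=Test CA */
static const unsigned char sample_name[] = {
    0x30, 0x1F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
    0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
    0x04, 0x03, 0x13, 0x07, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41
};
int main(void) { return der_name_rdn_count(sample_name, sizeof sample_name) == 2 ? 0 : 1; }
```

In the article's code the call would be `der_name_rdn_count(buf, (size_t)nameLen)`, made only after confirming that nameLen is positive.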

Legacy Article ID: a8154
