user3021596

Reputation: 11

X.509 certificate translation to SecCertificateRef

I am connecting to a server using OpenSSL.

After I get the certificate/chain in X509 format, I want to use Apple's security framework to validate the certificate(s).

In order to do that I would need to translate the X.509 structure to SecCertificateRef.

The code below fails:

X509 *x509cert = ...;
SecCertificateRef certificateRef = SecCertificateCreateWithData(NULL, x509cert);

SecCertificateCreateWithData expects data in CFDataRef (DER encoded X.509 certificate) format.

Does anybody have any sample code for this?

Upvotes: 1

Views: 875

Answers (2)

catlan

Reputation: 25256

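X509 *x = ...;
SecCertificateRef cert = NULL;
// Serialize the certificate to DER into an in-memory BIO.
BIO *x_bio = BIO_new(BIO_s_mem());
if (x_bio != NULL && i2d_X509_bio(x_bio, x) == 1) {
    BIO_flush(x_bio);
    char *x509Pointer = NULL;
    long x509Length = BIO_get_mem_data(x_bio, &x509Pointer);
    // Copy the DER bytes out before the BIO that owns them is freed.
    NSData *certData = [NSData dataWithBytes:x509Pointer length:(NSUInteger)x509Length];
    // Returns NULL if the bytes are not a valid DER-encoded X.509 certificate.
    cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
}
BIO_free_all(x_bio);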

Upvotes: 0
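
The conversion in the answer above, extended to a whole chain and to the Security framework validation the question asks about. This is an added example, not code from the original posts, and it goes beyond the single-certificate case. The helper names CreateSecCertificate and EvaluateChain are hypothetical, the chain is assumed to have the leaf at index 0, ARC is assumed, and SecTrustEvaluateWithError requires macOS 10.14 / iOS 12 or later.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#include <openssl/x509.h>

// Hypothetical helper: DER-encode one OpenSSL X509 and wrap it in a SecCertificateRef.
// The caller owns the returned reference; NULL means encoding or parsing failed.
static SecCertificateRef CreateSecCertificate(X509 *x) {
    unsigned char *der = NULL;
    int len = i2d_X509(x, &der);            // OpenSSL allocates the DER buffer
    if (len <= 0) return NULL;
    CFDataRef data = CFDataCreate(kCFAllocatorDefault, der, len);
    OPENSSL_free(der);
    if (data == NULL) return NULL;
    SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, data);
    CFRelease(data);
    return cert;
}

// Hypothetical helper: evaluate an OpenSSL chain (leaf first, assumed) against
// the SSL server policy for `hostname`. Any conversion failure fails closed.
static BOOL EvaluateChain(STACK_OF(X509) *chain, NSString *hostname, NSError **outError) {
    NSMutableArray *certs = [NSMutableArray array];
    for (int i = 0; i < sk_X509_num(chain); i++) {
        SecCertificateRef c = CreateSecCertificate(sk_X509_value(chain, i));
        if (c == NULL) return NO;            // do not evaluate a partial chain
        [certs addObject:CFBridgingRelease(c)];
    }
    if (certs.count == 0) return NO;         // NULL or empty chain

    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)hostname);
    if (policy == NULL) return NO;
    SecTrustRef trust = NULL;
    OSStatus status = SecTrustCreateWithCertificates((__bridge CFArrayRef)certs, policy, &trust);
    CFRelease(policy);
    if (status != errSecSuccess || trust == NULL) return NO;

    CFErrorRef cfError = NULL;
    BOOL trusted = SecTrustEvaluateWithError(trust, &cfError);
    CFRelease(trust);
    if (cfError != NULL) {
        NSError *error = CFBridgingRelease(cfError);   // take ownership of the error
        if (outError != NULL) *outError = error;
    }
    return trusted;
}
```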

authcate

Reputation: 1125

What is the file extension of your certificate? You probably have to convert it to DER format:

openssl x509 -outform der -in certificate.pem -out certificate.der

Upvotes: 1
