Reputation: 199
I have a client/server architecture in which I use the OpenSSL library to implement encrypted communication (TLSv1.2). Since I'm using "self-signed" certificates, in order to verify the server's identity, my idea is to put on the client side a physical copy of the server's public key (server_public_key.pem) and then verify that it is equal to the one received in the handshake phase of TLS.
On the client, I can retrieve the latter with:
X509 *cert = SSL_get_peer_certificate(ssl);
Now, I would like to extract the human-readable string of the public key contained in this object.
I know that I can print it in this way:
EVP_PKEY *pkey = X509_get_pubkey(cert);
PEM_write_PUBKEY(stdout, pkey);
But I need to keep it as a string (instead of sending it to stdout). How can I do this?
Upvotes: 1
Views: 1606
Reputation: 118425
Use BIO_new() to create a new BIO backed by an internal memory buffer (initially empty). Then use PEM_write_bio_PUBKEY() to write the public key to the BIO, at which point use the functions documented in the BIO's manual page to retrieve the public key.
See the cited documentation for a simple example of creating a BIO, writing to it, then reading from it. Replacing the sample write operation with PEM_write_bio_PUBKEY() should be sufficient.
Upvotes: 1