cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Public key extraction of a self signed cert

From: Ondruška Peter <POndruska_at_csas.cz>
Date: Tue, 15 May 2012 05:12:38 +0000

Dear Dirceu,

This mail list is dedicated to curl, not OpenSSL. You need to ask your question elsewhere.

S pozdravem * Mit freundlichen Grüßen * Sincerely,

Peter Ondruška

From: curl-library-bounces_at_cool.haxx.se [mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Cavendish, Dirceu
Sent: Tuesday, May 15, 2012 3:01 AM
To: curl-library_at_cool.haxx.se
Subject: Public key extraction of a self signed cert

Hi Cool Curl people.

I am trying to extract the public key of a self signed cert…Here is how I am doing, and what the problem is:

I set a verify call back function, in which I do:

  X509 *cert = X509_STORE_CTX_get_current_cert(x509_ctx);
  int depth = X509_STORE_CTX_get_error_depth(x509_ctx);
  int err = X509_STORE_CTX_get_error(x509_ctx);

I check cert pointer, non NULL;
I check depth, which is ZERO;
I check err, which is 18 (X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
All good.

  EVP_PKEY *pubKey = X509_get_pubkey(cert);

I check pubKey, which is non NULL;
As I dereference pubKey as pubKey->pkey.rsa, the pointer turns out to be NULL ☹.

Am I doing something wrong? When there is an error, does OPENSSL still expose the cert public key?
How would I retrieve a public key of the certificate the peer is presenting to me?

Thanks for any hints…
Dirceu

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-05-15