在代码EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)中使用openssl方法无法获取.cer文件中的公钥。
int load_cert() {
FILE *fp = fopen("/home/android/cafile/cerfile.cer", "r");
if (!fp) {
fprintf(stderr, "unable to open: %s\n", path);
return EXIT_FAILURE;
}
X509 *x509data = NULL;
// X509 *cert = d2i_X509_bio(fp, NULL);
d2i_X509_fp(fp, &x509data);
if (!x509data) {
fprintf(stderr, "unable to parse certificate in: %s\n", path);
fclose(fp);
return EXIT_FAILURE;
}
char issuer_name[1024];
char subject_name[1024];
X509_NAME_oneline(X509_get_issuer_name(x509data), issuer_name,
sizeof(issuer_name));
X509_NAME_oneline(X509_get_subject_name(x509data), subject_name,
sizeof(subject_name));
printf("Issuer name: %s\n", issuer_name);
printf("Subject name: %s\n", subject_name);
EVP_PKEY *pkey;
EVP_PKEY *a = NULL;
//d2i_PUBKEY_fp(fp, &a);
pkey = d2i_PUBKEY_fp(fp, &a);
d2i_PUBKEY_fp(fp, NULL);
if (pkey == NULL) {
printf("d2i_PUBKEY_fp pkey error\n");
}
if (a == NULL) {
printf("d2i_PUBKEY_fp a error\n");
}
// any additional processing would go here..
fclose(fp);
return 0;
}
issuer_name和subject_name可以正确获取,但是pkey和a为null。
最佳答案
您似乎希望公钥直接位于文件中 X509 证书之后的序列化形式。公钥包含在证书中 - 因此您在执行 d2i_X509_fp 调用时已经阅读了它,并且它包含在 x509data 对象中。要将其作为 EVP_PKEY 提取出来,请使用 X509_get_pubkey,如此处所述:
https://www.openssl.org/docs/man1.1.1/man3/X509_get_pubkey.html
关于无法在 C 上使用 openssl 从 .cer 文件获取公钥,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56217723/