如何以编程方式从证书提取信息？ [英] How to programmatically extract information from certificate?

问题描述

我有一个生成的证书，但我想能够从证书中提取信息，例如国家，有效性，公共密钥等。我必须将从证书中检索的信息与我在C程序中存储的其他信息进行比较。

I have a generated a certificate, but I would like to be able to extract the information from the certificate, as for example the country, the validity, the public key and so on. I have to compare this information retrived from the certificate with some other that I have stored in my C programe.

我知道如果我使用这样的函数，它会打印我的证书信息：

I know that if I use a function like this it will print me the certificate information:

void print_certificate(const char* cert)
{
    X509 *x509 = NULL;
    BIO *i = BIO_new(BIO_s_file());
    BIO *o = BIO_new_fp(stdout,BIO_NOCLOSE);

    if((BIO_read_filename(i, cert) <= 0) ||
       ((x509 = PEM_read_bio_X509_AUX(i, NULL, NULL, NULL)) == NULL)) {
           printf("Bad certificate, unable to read\n");
    }

    X509_print_ex(o, x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);   

    if(x509)
        X509_free(x509);
}

但我想要的只是那些信息的一些部分。如何做？

But what I want is only some parts of that information. how can it be done?

感谢

推荐答案

c $ c> grep _get_ /usr/include/openssl/x509.h

try grep _get_ /usr/include/openssl/x509.h

这里有一些您可能会觉得有用的东西：

here are some things you may find useful:

EVP_PKEY *  X509_get_pubkey(X509 *x);
#define     X509_CRL_get_issuer(x) ((x)->crl->issuer)
#define     X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
#define     X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)

b $ b

也请检查源代码 t_x509.c ，其中包含 X509_print_ex 。这可能是最有用的。

Also check the source code for t_x509.c which contains X509_print_ex. This will probably be most useful.

这篇关于如何以编程方式从证书提取信息？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！