如何以编程方式从证书中提取信息? [英] How to programmatically extract information from certificate?
问题描述
我有一个生成的证书,但我希望能够从证书中提取信息,例如国家、有效期、公钥等.我必须将从证书中检索到的信息与我存储在 C 程序中的其他信息进行比较.
I have a generated a certificate, but I would like to be able to extract the information from the certificate, as for example the country, the validity, the public key and so on. I have to compare this information retrived from the certificate with some other that I have stored in my C programe.
我知道如果我使用这样的功能,它会打印我的证书信息:
I know that if I use a function like this it will print me the certificate information:
void print_certificate(const char* cert)
{
X509 *x509 = NULL;
BIO *i = BIO_new(BIO_s_file());
BIO *o = BIO_new_fp(stdout,BIO_NOCLOSE);
if((BIO_read_filename(i, cert) <= 0) ||
((x509 = PEM_read_bio_X509_AUX(i, NULL, NULL, NULL)) == NULL)) {
printf("Bad certificate, unable to read
");
}
X509_print_ex(o, x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
if(x509)
X509_free(x509);
}
但我想要的只是这些信息的一部分.怎么办?
But what I want is only some parts of that information. how can it be done?
谢谢
推荐答案
试试 grep _get_/usr/include/openssl/x509.h
这里有一些你可能会觉得有用的东西:
here are some things you may find useful:
EVP_PKEY * X509_get_pubkey(X509 *x);
#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
同时检查 的源代码t_x509.c 包含 X509_print_ex
.这可能是最有用的.
Also check the source code for t_x509.c which contains X509_print_ex
. This will probably be most useful.
这篇关于如何以编程方式从证书中提取信息?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!