在代码EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)中使用openssl无法在.cer文件中获取公钥。
int load_cert() {
FILE *fp = fopen("/home/android/cafile/cerfile.cer", "r");
if (!fp) {
fprintf(stderr, "unable to open: %s\n", path);
return EXIT_FAILURE;
}
X509 *x509data = NULL;
// X509 *cert = d2i_X509_bio(fp, NULL);
d2i_X509_fp(fp, &x509data);
if (!x509data) {
fprintf(stderr, "unable to parse certificate in: %s\n", path);
fclose(fp);
return EXIT_FAILURE;
}
char issuer_name[1024];
char subject_name[1024];
X509_NAME_oneline(X509_get_issuer_name(x509data), issuer_name,
sizeof(issuer_name));
X509_NAME_oneline(X509_get_subject_name(x509data), subject_name,
sizeof(subject_name));
printf("Issuer name: %s\n", issuer_name);
printf("Subject name: %s\n", subject_name);
EVP_PKEY *pkey;
EVP_PKEY *a = NULL;
//d2i_PUBKEY_fp(fp, &a);
pkey = d2i_PUBKEY_fp(fp, &a);
d2i_PUBKEY_fp(fp, NULL);
if (pkey == NULL) {
printf("d2i_PUBKEY_fp pkey error\n");
}
if (a == NULL) {
printf("d2i_PUBKEY_fp a error\n");
}
// any additional processing would go here..
fclose(fp);
return 0;
}
issuer_name和subject_name可以正确获得,但是pkey和a为空。
答案 0 :(得分:1)
您似乎期望公钥在文件中的X509证书之后直接采用序列化形式。公钥包含在证书中 内-因此您在进行d2i_X509_fp调用时已经阅读了它,并且包含在x509data对象中。要将其提取为EVP_PKEY,请使用X509_get_pubkey,如此处所述:
https://www.openssl.org/docs/man1.1.1/man3/X509_get_pubkey.html