每当我尝试将未签名的char *强制转换为X509 *时,都会发生分段错误

时间:2019-12-04 05:53:36

标签: c openssl x509

我正在尝试通过SSL套接字将证书发送给客户端。证书作为Blob存储在数据库中。

每当我尝试将接收数据的无符号char *指针强制转换为X509 *并访问X509时,我的客户端段错误甚至服务器都执行相同的操作,但效果很好。我打印了以十六进制形式传递的数据,它们匹配了,所以我不确定是什么问题。

服务器:

//returns the blob containing the cert from db.
unsigned char *cert = get_cert(name);
X509* certt = (X509 *) cert;
//gets size of certificate to send over socket
int cert_size = i2d_X509(certt, NULL);

//prints cert common name and binary data as hex
setvbuf(stdout, NULL, _IONBF, 0);
unsigned char *user = X509_NAME_oneline(X509_get_subject_name(certt), 0, 0);
printf("%s\n", user);
for (int i = 0; i < cert_size; i++){
    printf("%X", cert[i]);
}

//sends cert size then the cert.
char message[64];
snprintf(message, 64, "/cert %d", cert_size);
ssl_block_write(ssl, serverfd, message, strlen(message));
ssl_block_write(ssl, serverfd, cert, cert_size);

客户:

//allocates enough memory to receive cert
unsigned char *data = malloc(size);
printf("%d\n", ssl_block_read(ssl, serverfd, data, size));

for (int i = 0; i < size; i++)
    printf("%X", data[i]);

X509 *cert = (X509 *) data;
unsigned char *user = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
printf("%s\n", user);

1 个答案:

答案 0 :(得分:1)

您不能这样做! X509结构不能以这种方式直接序列化。它包含指针等无法正确序列化的指针。如果需要将其存储为Blob,则应首先使用i2d_X509()将其转换为DER,然后再次读回时,需要使用d2i_X509()再次将其转换回。我不知道为什么它在服务器上适合您。不应该。