Reading X.509 certificates

SSL/TLS exchanges certificates in the DER encoding of X.509, and these can be read with OpenSSL functions such as d2i_X509.

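#include <stdio.h>
#include <openssl/x509.h>

/* Parse a DER-encoded X.509 certificate from buf and print it to stdout. */
void
print_x509(char *buf, int len)
{
    X509 *cert;
    /* d2i_X509 advances the pointer it is given, so pass a copy of buf. */
    const unsigned char *p = (const unsigned char *)buf;

    cert = d2i_X509(NULL, &p, len);

    /* NULL means the buffer did not decode as a certificate. */
    if (cert == NULL)
        return;

    X509_print_fp(stdout, cert);
    X509_free(cert);
}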

Trying it with mixi's certificate prints the following.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:6c:0e:1b:92:d8:ff:1f:a1:d2:cf:76:eb:e0:2f:49:70:f9:97:2c
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan Public CA G2
        Validity
            Not Before: Dec 14 08:05:31 2012 GMT
            Not After : Feb 28 14:59:00 2013 GMT
        Subject: C=JP, ST=Tokyo, L=Shibuya-ku, O=mixi,Inc., OU=develop01, CN=mixi.jp
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:e4:9e:1a:a0:e6:58:43:ef:f1:2c:72:36:61:24:
                    db:0b:62:04:9b:87:2a:44:39:a7:fc:55:7c:81:88:
                    0b:04:bf:05:e8:01:fe:74:1a:70:d0:99:27:0c:8d:
                    2b:a4:6d:36:08:b5:31:8f:bc:3e:e6:29:70:f5:4c:
                    02:91:61:f1:87:e6:ca:99:fd:cd:f2:67:5d:ff:77:
                    f3:5e:31:25:b6:47:2d:78:af:9d:07:20:14:60:e8:
                    4c:58:f9:cc:ad:1b:3d:f1:d9:26:fc:ee:62:40:b1:
                    9b:04:65:19:90:25:c0:5a:f8:09:ec:f5:e9:10:99:
                    52:94:28:8e:57:fa:29:5c:89:0f:e2:ca:a5:5d:e8:
                    8a:ce:d0:55:b3:eb:a3:7d:b5:c9:f2:26:fc:87:03:
                    39:19:9c:e4:5b:1b:17:77:ce:04:8d:38:45:b1:6f:
                    65:68:58:66:e9:28:73:d5:91:ff:fb:d9:b8:df:68:
                    f6:26:7e:4d:c6:2d:91:78:91:21:4a:39:96:38:fa:
                    87:46:a6:b0:04:65:2f:40:d8:10:f0:47:bf:b5:53:
                    ce:86:4c:d7:c6:44:60:1b:d1:41:a8:bf:06:b0:1e:
                    f2:ec:61:fc:c2:e9:32:39:be:cf:b6:3c:1c:63:e9:
                    0b:fa:40:ec:01:b5:5e:f3:01:c2:8b:a3:92:30:a9:
                    f3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Certificate Policies: 
                Policy: 1.2.392.200081.1.1
                  User Notice:
                    Explicit Text: For more details, please visit our website https://www.cybertrust.ne.jp .
                  CPS: https://www.cybertrust.ne.jp/ssl/repository/index.html

            X509v3 Subject Alternative Name: 
                DNS:mixi.jp
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                URI:http://sureseries-crl.cybertrust.ne.jp/SureServer/ctjpubcag2/cdp.crl

    Signature Algorithm: sha1WithRSAEncryption
        77:23:42:8c:0a:6a:7f:0e:ff:0c:e2:5f:ed:a1:2d:33:58:6f:
        64:da:2a:be:22:1f:0a:73:a5:36:cf:ad:42:d4:e1:53:f9:95:
        bf:5c:63:87:ee:93:d6:68:bd:a0:e8:96:65:c6:58:9f:8b:cc:
        b0:57:d9:55:1d:32:cd:2b:aa:c9:c1:b6:92:b9:b2:c6:21:e1:
        35:1c:c2:c1:b0:c5:ae:7b:1d:ee:c6:5f:ce:ed:55:b9:c6:bd:
        41:55:b8:d0:81:87:6d:e0:45:4a:74:55:01:b6:1e:95:2d:91:
        ee:f5:8e:df:ac:9e:63:6d:be:7c:75:65:bd:ba:45:81:4a:d4:
        b6:eb:f5:4a:c8:8f:79:a0:6b:ea:c9:06:46:31:f2:8f:1c:ee:
        49:f7:8b:17:09:cb:4d:87:23:ad:71:3e:87:9f:e3:43:40:35:
        06:9a:30:09:ae:dc:2f:38:d9:02:55:60:3c:1b:ae:f1:6d:79:
        03:c5:0d:95:85:31:08:a6:46:1c:0a:3b:c5:f0:96:c0:38:a3:
        67:3b:74:da:fa:79:0f:f0:4d:37:65:c8:4e:4a:02:f8:af:4a:
        9c:f1:29:f9:38:2b:6b:0a:53:99:39:61:eb:cf:b3:48:ca:41:
        80:b4:54:2f:a0:d3:68:83:a6:4a:de:fd:0a:27:41:a4:4b:31:
        db:fa:05:d7

To obtain fields such as the subject, it seems you use functions such as X509_get_subject_name.
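
The len passed to d2i_X509 comes from the caller, so it is worth checking what the DER header itself claims before parsing. The following is an added example, not code from the original page, and it goes a little beyond the text: der_cert_size and the sample bytes are hypothetical names and constructed data, and the function reads only the outer SEQUENCE header to reject truncated or non-DER input and to reveal trailing bytes.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not from the original page. der_cert_size (hypothetical)
 * returns the bytes (header + content) the outer DER SEQUENCE claims to
 * occupy, or -1 if the header is not valid DER or does not fit in len.
 */
long
der_cert_size(const unsigned char *buf, size_t len)
{
    size_t n = 0, i, content = 0;

    /* A Certificate is a SEQUENCE: tag byte 0x30, then the length. */
    if (buf == NULL || len < 2 || buf[0] != 0x30)
        return -1;

    if (buf[1] < 0x80) {
        content = buf[1];               /* short form: the length itself */
    } else {
        n = buf[1] & 0x7f;              /* long form: n length bytes follow */
        /* n == 0 is the BER indefinite form; 3 bytes covers TLS's 24-bit limit. */
        if (n == 0 || n > 3 || len < 2 + n)
            return -1;
        for (i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        /* DER wants the minimal form: no leading zero, no long form below 128. */
        if (buf[2] == 0x00 || content < 0x80)
            return -1;
    }

    /* Truncated input: the header promises more than was received. */
    if (content > len - 2 - n)
        return -1;
    return (long)(2 + n + content);
}

/* Constructed sample: SEQUENCE { INTEGER 5 } followed by one stray byte. */
static const unsigned char sample[] = { 0x30, 0x03, 0x02, 0x01, 0x05, 0xff };

int
main(void)
{
    long used = der_cert_size(sample, sizeof sample);

    printf("encoding: %ld bytes, trailing: %ld bytes\n",
           used, (long)sizeof sample - used);
    return used == 5 ? 0 : 1;
}
```

A caller can compare the returned size with len and treat any difference as trailing data that d2i_X509 would otherwise leave unread after the certificate.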