Reading X.509 certificates
SSL/TLS exchanges certificates in X.509 DER format, and these can be read with OpenSSL functions such as d2i_X509.
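```c
#include <stdio.h>
#include <openssl/x509.h>

/* Parse the DER-encoded certificate of len bytes in buf and print it to stdout. */
void print_x509(char *buf, int len)
{
    X509 *cert;
    /* d2i_X509 advances the pointer it is given, so pass a copy of buf */
    const unsigned char *p = (const unsigned char *)buf;

    cert = d2i_X509(NULL, &p, len);
    if (cert == NULL)
        return;

    X509_print_fp(stdout, cert);
    X509_free(cert);
}
```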
Trying it with mixi's certificate prints the following.
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:6c:0e:1b:92:d8:ff:1f:a1:d2:cf:76:eb:e0:2f:49:70:f9:97:2c
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan Public CA G2
        Validity
            Not Before: Dec 14 08:05:31 2012 GMT
            Not After : Feb 28 14:59:00 2013 GMT
        Subject: C=JP, ST=Tokyo, L=Shibuya-ku, O=mixi,Inc., OU=develop01, CN=mixi.jp
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:e4:9e:1a:a0:e6:58:43:ef:f1:2c:72:36:61:24:
                    db:0b:62:04:9b:87:2a:44:39:a7:fc:55:7c:81:88:
                    0b:04:bf:05:e8:01:fe:74:1a:70:d0:99:27:0c:8d:
                    2b:a4:6d:36:08:b5:31:8f:bc:3e:e6:29:70:f5:4c:
                    02:91:61:f1:87:e6:ca:99:fd:cd:f2:67:5d:ff:77:
                    f3:5e:31:25:b6:47:2d:78:af:9d:07:20:14:60:e8:
                    4c:58:f9:cc:ad:1b:3d:f1:d9:26:fc:ee:62:40:b1:
                    9b:04:65:19:90:25:c0:5a:f8:09:ec:f5:e9:10:99:
                    52:94:28:8e:57:fa:29:5c:89:0f:e2:ca:a5:5d:e8:
                    8a:ce:d0:55:b3:eb:a3:7d:b5:c9:f2:26:fc:87:03:
                    39:19:9c:e4:5b:1b:17:77:ce:04:8d:38:45:b1:6f:
                    65:68:58:66:e9:28:73:d5:91:ff:fb:d9:b8:df:68:
                    f6:26:7e:4d:c6:2d:91:78:91:21:4a:39:96:38:fa:
                    87:46:a6:b0:04:65:2f:40:d8:10:f0:47:bf:b5:53:
                    ce:86:4c:d7:c6:44:60:1b:d1:41:a8:bf:06:b0:1e:
                    f2:ec:61:fc:c2:e9:32:39:be:cf:b6:3c:1c:63:e9:
                    0b:fa:40:ec:01:b5:5e:f3:01:c2:8b:a3:92:30:a9:
                    f3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Certificate Policies:
                Policy: 1.2.392.200081.1.1
                  User Notice:
                    Explicit Text: For more details, please visit our website https://www.cybertrust.ne.jp .
                  CPS: https://www.cybertrust.ne.jp/ssl/repository/index.html
            X509v3 Subject Alternative Name:
                DNS:mixi.jp
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:
                URI:http://sureseries-crl.cybertrust.ne.jp/SureServer/ctjpubcag2/cdp.crl
    Signature Algorithm: sha1WithRSAEncryption
        77:23:42:8c:0a:6a:7f:0e:ff:0c:e2:5f:ed:a1:2d:33:58:6f:
        64:da:2a:be:22:1f:0a:73:a5:36:cf:ad:42:d4:e1:53:f9:95:
        bf:5c:63:87:ee:93:d6:68:bd:a0:e8:96:65:c6:58:9f:8b:cc:
        b0:57:d9:55:1d:32:cd:2b:aa:c9:c1:b6:92:b9:b2:c6:21:e1:
        35:1c:c2:c1:b0:c5:ae:7b:1d:ee:c6:5f:ce:ed:55:b9:c6:bd:
        41:55:b8:d0:81:87:6d:e0:45:4a:74:55:01:b6:1e:95:2d:91:
        ee:f5:8e:df:ac:9e:63:6d:be:7c:75:65:bd:ba:45:81:4a:d4:
        b6:eb:f5:4a:c8:8f:79:a0:6b:ea:c9:06:46:31:f2:8f:1c:ee:
        49:f7:8b:17:09:cb:4d:87:23:ad:71:3e:87:9f:e3:43:40:35:
        06:9a:30:09:ae:dc:2f:38:d9:02:55:60:3c:1b:ae:f1:6d:79:
        03:c5:0d:95:85:31:08:a6:46:1c:0a:3b:c5:f0:96:c0:38:a3:
        67:3b:74:da:fa:79:0f:f0:4d:37:65:c8:4e:4a:02:f8:af:4a:
        9c:f1:29:f9:38:2b:6b:0a:53:99:39:61:eb:cf:b3:48:ca:41:
        80:b4:54:2f:a0:d3:68:83:a6:4a:de:fd:0a:27:41:a4:4b:31:
        db:fa:05:d7
```
To retrieve fields such as the subject, it seems you use functions such as X509_get_subject_name.
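A buffer taken from a TLS Certificate message can be checked for DER framing before it is passed to d2i_X509: it should start with a SEQUENCE whose definite, minimally encoded length fits the buffer, and ideally accounts for every byte. The following is an added example, not code from the original post; `der_cert_span` and the `DER_*` codes are names made up for it, and it uses no OpenSSL calls.

```c
#include <stddef.h>

/* Result codes for der_cert_span() (names are this example's own). */
enum { DER_OK = 0, DER_TRUNCATED = -1, DER_BAD_TAG = -2, DER_BAD_LENGTH = -3 };

/*
 * Check that buf starts with a DER SEQUENCE (tag 0x30) whose definite length
 * fits inside len bytes. On success *total is header size + content size,
 * i.e. the number of bytes one certificate occupies at the start of buf.
 */
int der_cert_span(const unsigned char *buf, size_t len, size_t *total)
{
    size_t content = 0, hdr = 2, n, i;

    if (len < 2)
        return DER_TRUNCATED;
    if (buf[0] != 0x30)
        return DER_BAD_TAG;

    if (buf[1] < 0x80) {              /* short form: one length byte */
        content = buf[1];
    } else {
        n = buf[1] & 0x7f;            /* long form: n length bytes follow */
        /* 0x80 is the indefinite form (BER only). A TLS certificate entry
           is at most 2^24-1 bytes, so more than 3 length bytes is rejected. */
        if (n == 0 || n > 3)
            return DER_BAD_LENGTH;
        if (len < 2 + n)
            return DER_TRUNCATED;
        for (i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        /* DER demands the shortest encoding: no leading zero byte, and
           lengths below 128 must use the short form. */
        if (buf[2] == 0 || content < 0x80)
            return DER_BAD_LENGTH;
        hdr += n;
    }
    if (content > len - hdr)
        return DER_TRUNCATED;
    *total = hdr + content;
    return DER_OK;
}
```

If `*total` is smaller than `len`, the buffer carries trailing bytes after the certificate; the same condition shows up after d2i_X509 as a pointer that stopped short of `buf + len`.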