Certificate parsing to mbedtls_x509_crt to char buffer

Pokitoz · February 25, 2019, 5:31pm

Hello!

I have a file which is a certificate in PEM format:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 12327102009715709294 (0xab12a9f74f1bd56e)
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=UK, ST=CB, L=CA, O=CA, CN=libddssecCerticateAuthority/emailAddress=mainca@ca.com
        Validity
            Not Before: Feb 15 13:11:21 2019 GMT
            Not After : Feb 12 13:11:21 2029 GMT
        Subject: C=UK, ST=CB, O=Arm, CN=mbed CSR
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    <Public key>
                ASN1 OID: prime256v1
                NIST CURVE: P-256
    Signature Algorithm: ecdsa-with-SHA256
        <signature>
-----BEGIN CERTIFICATE-----
<base64>
-----END CERTIFICATE-----

I am successfully reading this certificate to memory into a mbedtls_x509_crt and would like to dump the certificate using printf.

I managed to print part of it (which is only the field) using the following code:

  mbedtls_x509_crt* pub_cert = mbedtls_parse_cert("certificates/p1cert.pem");
  size_t olen;
  unsigned char output_buf[4096];
  ret = mbedtls_base64_encode(output_buf, 4096, &olen,
                   pub_cert->raw.p, pub_cert->raw.len );
  if(ret != 0) {
    mbedtls_strerror(ret, output_buf, 4096);
    printf(" %s\n", output_buf);
  }
  
  printf(" -----BEGIN CERTIFICATE-----\n");
  printf(" %s\n", output_buf);
  printf(" -----END CERTIFICATE-----");

But I would like to have the other information that are above this. How can I get them ?

roneld01 · March 4, 2019, 11:58am

Hi @Pokitoz
Does this post answer your question?
Is there any more information you need from the certificate?

Regards,
Mbed TLS Team member
Ron

Pokitoz · March 6, 2019, 2:25pm

Hello @roneld01,

Thanks for your answer. I had a look and it prints the following result:

cert. version : 1
serial number : AB:12:A9:F7:4F:1B:D5:6A
issuer name : C=UK, ST=CB, L=Cambridge, O=Arm, CN=libddssecCerticateAuthority, emailAddress=mainca@arm.com
subject name : C=UK, ST=CB, O=Arm, CN=libddssecApplication, emailAddress=application@arm.com
issued on : 2019-02-15 13:10:50
expires on : 2029-02-12 13:10:50
signed using : ECDSA with SHA256
EC key size : 256 bits

Which contains part of the information I need but not in the correct format. I would like to dump the certificate into a buffer to transfer it and read it back in memory by parsing the buffer.

roneld01 · March 7, 2019, 8:30am

Hi @Pokitoz
You can add your own verify function, that will print whatever information you wish during the certificate verification process.

In addition, the parsed mbedtls_x509_crt structure has the raw certificate data which you can parse for your needs.
Regards,
Ron

Topic		Replies	Views
Mbedtls can not parse file of ed25519 cert and key Mbed TLS mbed_tls	1	944	July 27, 2022
Write mbedtls_x509_crt to PEM Generic	5	2223	March 11, 2019
Mbedtls_x509_crt_parse return -0x3B00 Crypto and SSL questions	2	3447	March 18, 2020
After calling mbedtls_x509_crt_parse() is it safe to free the certificate buffer Mbed TLS mbed_tls	1	899	July 29, 2018
Error using mbedtls_x509_crt_parse Generic	3	5233	December 6, 2018

Certificate parsing to mbedtls_x509_crt to char buffer

Related topics