Mbed forum

Certificate parsing to mbedtls_x509_crt to char buffer

mbed_tls

(Florian Depraz) #1

Hello!

I have a file which is a certificate in PEM format:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 12327102009715709294 (0xab12a9f74f1bd56e)
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=UK, ST=CB, L=CA, O=CA, CN=libddssecCerticateAuthority/emailAddress=mainca@ca.com
        Validity
            Not Before: Feb 15 13:11:21 2019 GMT
            Not After : Feb 12 13:11:21 2029 GMT
        Subject: C=UK, ST=CB, O=Arm, CN=mbed CSR
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    <Public key>
                ASN1 OID: prime256v1
                NIST CURVE: P-256
    Signature Algorithm: ecdsa-with-SHA256
        <signature>
-----BEGIN CERTIFICATE-----
<base64>
-----END CERTIFICATE-----

I am successfully reading this certificate into memory as an mbedtls_x509_crt and would like to dump the certificate using printf.

I managed to print part of it (which is only the field) using the following code:

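  /* Needs <stdio.h>, mbedtls/x509_crt.h, mbedtls/base64.h, mbedtls/error.h. */
  /* mbedtls_parse_cert() is not an Mbed TLS API; assumed to be a local helper. */
  mbedtls_x509_crt* pub_cert = mbedtls_parse_cert("certificates/p1cert.pem");
  size_t olen;
  unsigned char output_buf[4096];
  /* Base64-encode the raw DER bytes kept in the parsed certificate. */
  int ret = mbedtls_base64_encode(output_buf, sizeof(output_buf), &olen,
                   pub_cert->raw.p, pub_cert->raw.len );
  if(ret != 0) {
    /* mbedtls_strerror() takes a char buffer; no PEM markers on error. */
    mbedtls_strerror(ret, (char *) output_buf, sizeof(output_buf));
    printf(" %s\n", output_buf);
  } else {
    printf(" -----BEGIN CERTIFICATE-----\n");
    printf(" %s\n", output_buf);
    printf(" -----END CERTIFICATE-----\n");
  }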

But I would like to have the other information that is above this. How can I get it?


(Ron Eldor) #2

Hi @Pokitoz
Does this post answer your question?
Is there any more information you need from the certificate?

Regards,
Mbed TLS Team member
Ron


(Florian Depraz) #3

Hello @roneld01,

Thanks for your answer. I had a look and it prints the following result:

cert. version : 1
serial number : AB:12:A9:F7:4F:1B:D5:6A
issuer name : C=UK, ST=CB, L=Cambridge, O=Arm, CN=libddssecCerticateAuthority, emailAddress=mainca@arm.com
subject name : C=UK, ST=CB, O=Arm, CN=libddssecApplication, emailAddress=application@arm.com
issued on : 2019-02-15 13:10:50
expires on : 2029-02-12 13:10:50
signed using : ECDSA with SHA256
EC key size : 256 bits

Which contains part of the information I need but not in the correct format. I would like to dump the certificate into a buffer to transfer it and read it back in memory by parsing the buffer.


(Ron Eldor) #4

Hi @Pokitoz
You can add your own verify function that will print whatever information you wish during the certificate verification process.

In addition, the parsed mbedtls_x509_crt structure has the raw certificate data which you can parse for your needs.
Regards,
Ron
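
Following up on the raw certificate data mentioned in #4, an added example (not part of the thread, and not Mbed TLS code): the bytes in `raw.p`/`raw.len` are the DER certificate, so they can be sent as-is, and the receiver can read the outer SEQUENCE header to learn how many bytes to collect, and bound that size, before handing them to `mbedtls_x509_crt_parse_der()`. The name `der_cert_total_len`, the return codes and `MAX_CERT_LEN` are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

#define DER_OK         0    /* *total holds the full encoded length */
#define DER_NEED_MORE  1    /* header or body not fully received yet */
#define DER_MALFORMED (-1)  /* not a SEQUENCE, not strict DER, or too large */
#define MAX_CERT_LEN 8192u  /* assumption: largest certificate the receiver accepts */

/* Read the outer SEQUENCE header of a DER certificate held in buf[0..avail)
 * and report how many bytes the whole certificate occupies. */
int der_cert_total_len(const unsigned char *buf, size_t avail, size_t *total)
{
    size_t len = 0, hdr = 2;

    if (avail < 2) return DER_NEED_MORE;
    if (buf[0] != 0x30) return DER_MALFORMED;       /* constructed SEQUENCE */
    if (buf[1] < 0x80) {
        len = buf[1];                               /* short form */
    } else {
        size_t n = buf[1] & 0x7F;                   /* count of length octets */
        if (n == 0 || n > 2) return DER_MALFORMED;  /* indefinite, or over 65535 */
        if (avail < 2 + n) return DER_NEED_MORE;
        for (size_t i = 0; i < n; i++) len = (len << 8) | buf[2 + i];
        /* DER requires the shortest possible length encoding */
        if (len < 0x80 || (n == 2 && len < 0x100)) return DER_MALFORMED;
        hdr += n;
    }
    if (hdr + len > MAX_CERT_LEN) return DER_MALFORMED;
    if (avail < hdr + len) return DER_NEED_MORE;
    *total = hdr + len;
    return DER_OK;
}

int main(void)
{
    /* Constructed sample: a header announcing 256 content bytes, then zero
     * filler; real input would be the bytes copied from pub_cert->raw. */
    unsigned char rx[300] = { 0x30, 0x82, 0x01, 0x00 };
    size_t total = 0;
    int early = der_cert_total_len(rx, 100, &total);
    int full = der_cert_total_len(rx, sizeof(rx), &total);
    printf("after 100 bytes: %d\n", early);
    printf("after 300 bytes: %d, certificate is %zu bytes\n", full, total);
    return 0;
}
```

Only the first `total` bytes belong to the certificate; anything after them in the receive buffer is the next message.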