Write mbedtls_x509_crt to PEM

I have a mbedtls_x509_crt structure set using mbedtls_x509_crt_parse_der.
I would now like to write the structure in PEM.

I found mbedtls_x509write_crt_pem(), but it takes a different structure.

Is there such a function.

HI @kgoldman
Yes, mbedtls_x509write_crt_pem() uses the mbedtls_x509write_cert structure.
However, in the mbedtls_x509_crt structure structure, you have the certificate in DER format raw data which you can get and write it in PEM.

Mbed TLS Team member

Success. This was a great help. I offer two comments:

1 - mbedtls_pem_write_buffer() is not documented at tls.mbed.org. I found it at os.mbed.com. Which is the official API?

2 - The documentation for mbedtls_asn1_buf->p says “In ASCII” but the DER is binary.

Thank you for your comments

The API reference in the Mbed TLS website is currently the official API. I believe that this PR should fix this issue.

As for your comments on mbedtls_asn1_buf, the ASCII refers to the p data of the mbedtls_asn1_buf structure, and gives ASCII as an example.
This is not DER data. The data in this struct could be in ASCII.


Regarding “The API reference in the Mbed TLS website is currently the official API.”, which mbed web site? tls.mbed.org (where I got the source) or os.mbed.com (where this discussion is).

Regarding ASCII vs. DER, perhaps more correct would be to say that it’s tag dependent. In this application, the x509 data is DER.

HI Ken,

The Mbed TLS site is tls.mbed.org.
It will be migrated to the mbed.com domain, but not in the immediate future.
os.mbed.com the Mbed OS site, and it does not include API description for the standalone Mbed TLS release.

Yes, it is tag dependent. Note that mbedtls_asn1_buf holds the parsed DER data buffer.