我在CN=CA1, O=DEVANG中有CA证书的使用者名称。
我想转换为X509_NAME格式。
有没有可以帮助我转换的API?
我该如何比较?
最佳答案
OpenSSL中似乎没有任何可用的辅助功能来执行此操作。看来,实现所需目标的唯一方法是解析字符串并逐个构建X509_NAME_ENTRY元素。您可以使用strsep来生成类似以下代码的代码(该代码不进行任何错误检查,并且名称格式的变体容易出错):
#define TEST_NAME "CN=CA1, O=DEVANG"
X509_NAME *x509name = X509_NAME_new();
char *x509nameString = strdup(TEST_NAME);
char *toFree = x509nameString;
char *x509nameEntryString = strsep(&x509nameString, ",");
char *x509nameEntryTypeString;
char *x509nameEntryValueString;
while (NULL != x509nameEntryString) {
x509nameEntryValueString = x509nameEntryString;
x509nameEntryTypeString = strsep(&x509nameEntryValueString, "=");
X509_NAME_add_entry_by_txt(x509name, x509nameEntryTypeString,
MBSTRING_ASC, x509nameEntryValueString, -1, -1, 0);
/* Need to skip spaces */
while ((NULL != x509nameString) &&
(' ' == *x509nameString)) {
x509nameString = &x509nameString[1];
}
x509nameEntryString = strsep(&x509nameString, ",");
}
/* See the result, just FYI */
X509_NAME_print_ex_fp(stdout, x509name, 0, XN_FLAG_ONELINE);
free(toFree);
为了比较两个
X509_NAME实例,功能X509_NAME_cmp()可用。我希望有人能提供更好的答案。