Hello,
Is it possible to output a mbedtls_x509_crt as PEM or DER? I’ve been combing the API docs but don’t see how I can do this export. I see controls for exporting a newly-built cert, but not one that comes from, e.g., mbedtls_ssl_get_peer_cert().
Thank you!
Cheers, -Felipe Gasper
Hi Felipe,
I don't think that's possible with Mbed TLS 3.0, but it was possible with Mbed TLS 2.x and will be possible again in Mbed TLS 3.1: you can access the DER representation of the certificate from the raw field of the mbedtls_x509_crt structure. A simple call to memcpy() should do the trick.
If you want to output it as PEM, I think you'll have to call `mbedtls_pem_write_buffer()` manually with appropriate values for header and footer.
Regards, Manuel.
________________________________
From: mbed-tls mbed-tls-bounces@lists.trustedfirmware.org on behalf of Felipe Gasper via mbed-tls mbed-tls@lists.trustedfirmware.org
Sent: 01 December 2021 21:02
To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org
Subject: [mbed-tls] Output a mbedtls_x509_crt?
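The PEM step Manuel mentions, as an added example that is not part of the thread and not Mbed TLS code: a stand-alone C sketch of the armoring that the header and footer arguments produce around a certificate's DER bytes (base64 in 64-character lines between BEGIN/END CERTIFICATE lines). The helper name `der_to_pem_cert` is hypothetical and the input bytes are constructed, not a real certificate; with Mbed TLS the input would be the bytes copied from the certificate's raw field.

```c
#include <stdio.h>
#include <string.h>

static const char PEM_BEGIN[] = "-----BEGIN CERTIFICATE-----\n";
static const char PEM_END[]   = "-----END CERTIFICATE-----\n";

/* Hypothetical helper, not an Mbed TLS function. Wraps der[0..der_len) in PEM
 * armor; returns 0 and sets *olen (length without the NUL), or -1 if the
 * output buffer is too small. Nothing is written on failure. */
int der_to_pem_cert(const unsigned char *der, size_t der_len,
                    char *out, size_t out_len, size_t *olen)
{
    static const char b64[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t i, col = 0, b64_len, need;
    char *p = out;

    if (der_len > (size_t) -1 / 2 - 128)      /* keep the size math from wrapping */
        return -1;
    b64_len = 4 * ((der_len + 2) / 3);
    /* header + base64 + one '\n' per 64-char line + footer including its NUL */
    need = strlen(PEM_BEGIN) + b64_len + (b64_len + 63) / 64 + sizeof(PEM_END);
    if (out_len < need)
        return -1;
    memcpy(p, PEM_BEGIN, strlen(PEM_BEGIN));
    p += strlen(PEM_BEGIN);
    for (i = 0; i < der_len; i += 3) {
        size_t n = der_len - i < 3 ? der_len - i : 3;   /* bytes in this group */
        unsigned long v = (unsigned long) der[i] << 16;
        if (n > 1) v |= (unsigned long) der[i + 1] << 8;
        if (n > 2) v |= der[i + 2];
        *p++ = b64[(v >> 18) & 63];
        *p++ = b64[(v >> 12) & 63];
        *p++ = n > 1 ? b64[(v >> 6) & 63] : '=';        /* pad short final group */
        *p++ = n > 2 ? b64[v & 63] : '=';
        if ((col += 4) == 64) { *p++ = '\n'; col = 0; }
    }
    if (col != 0)
        *p++ = '\n';
    memcpy(p, PEM_END, sizeof(PEM_END));                /* sizeof copies the NUL too */
    *olen = (size_t) (p - out) + strlen(PEM_END);
    return 0;
}

int main(void)
{
    /* Constructed DER bytes (SEQUENCE { INTEGER 5 }), not a real certificate. */
    const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    char pem[128]; size_t n;
    return der_to_pem_cert(der, sizeof(der), pem, sizeof(pem), &n) || fputs(pem, stdout) < 0;
}
```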
On Dec 2, 2021, at 03:34, Manuel Pegourie-Gonnard Manuel.Pegourie-Gonnard@arm.com wrote:
Hi Felipe,
I don't think that's possible with Mbed TLS 3.0, but it was possible with Mbed TLS 2.x and will be possible again in Mbed TLS 3.1: you can access the DER representation of the certificate from the raw field of the mbedtls_x509_crt structure. A simple call to memcpy() should do the trick.
Yeah, I’m seeing this.
Is there a plan for the next mbedTLS release that might incorporate changes like this? If so, where might I read about that?
I’d like to use a production release; as an interim I can bring in private_access.h and hack my way in, but it’d be nice, of course, not to do that.
Thank you!
-FG
Hi Felipe,
We'd like to release Mbed TLS 3.1 this month before most of the team goes on holiday. Though that's only a soft goal; there might be delays, in which case the release would happen at the beginning of January.
I hope that works for you.
Regards, Manuel.
________________________________
From: Felipe Gasper felipe@felipegasper.com
Sent: 03 December 2021 17:46
To: Manuel Pegourie-Gonnard Manuel.Pegourie-Gonnard@arm.com
Cc: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org
Subject: Re: [mbed-tls] Output a mbedtls_x509_crt?