On Tue, Nov 02, 2021 at 07:42:15PM +0000, Jason Schultz wrote:
> I thought I should start a new thread since this question was buried in my "FIPS" thread and I dont' think it has anything to do with FIPS and OpenSSL providers. I'm hitting another problem that I think is related to the migration to OpenSSL 3.0, as this code works with OpenSSL 1.1.1 (and 1.0.2 before it). When looking at the documentation pages for 1.1.1 vs 3.0, I'm not seeing any differences between the OpenSSL APIs I'm calling in the 2 different release levels.
>
> Here is the sequence, I'm basically setting up my certificate and private key, both in PEM format, for the server, then I need to extract some information from them:
>
> ctx = SSL_CTX_new_ex(non_fips_libctx, NULL, TLS_method());
> SSL_CTX_use_PrivateKey_file(ctx,<keyfile>,SSL_FILETYPE_PEM);
> SSL_CTX_use_certificate_file(ctx,<certfile>,SSL_FILETYPE_PEM);
> SSL_CTX_check_private_key(ctx);
> fp = fopen(<certfile>, "r");
> mycert = PEM_read_X509(fp, NULL, 0, NULL);
> pkey = X509_get_pubkey(mycert);
Without addressing the question of why you're unable to get the public
key handle from the certificate, why not just:
pkey = SSL_CTX_get0_privatekey(ctx){
and skip reading the cert again?
--
Viktor.
