
X509_get_X509_PUBKEY() returns an internal pointer to the X509_PUBKEY structure which encodes the certificate of x. The returned value must not be freed up after use.

X509_set_pubkey() attempts to set the public key for certificate x to pkey. The key pkey should be freed up after use.

X509_get_subject_name() returns the subject name of certificate x. The returned value is an internal pointer which MUST NOT be freed.

X509_set_subject_name() sets the issuer name of certificate x to name. The name parameter is copied internally and should be freed up when it is no longer needed.


I'm attempting to use Mbed TLS in place of OpenSSL. I was hoping someone could help me generate equivalent commands using Mbed TLS using cert_write.c as they compare to the following OpenSSL commands:

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

openssl x509 -req -in verificationCert.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out verificationCert.pem -days 500 -sha256

I've reviewed the following topics and understand these comparisons, I'm just missing on the generation of the various forms of the CA which aren't necessarily covered in these documents: 'How to generate a self-signed certificate', 'How to generate a Certificate Request (CSR)', 'RSA Key Pair generator'

Specifically, I am attempting to emulate the process in the link below using Mbed TLS instead of OpenSSL. I will be attempting the Automatic/Just-in-Time Registration for Device Certificates and am already using Mbed TLS on my device: http://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html#register-CA-cert

Thanks for any help people can offer.

Hi Jeremy,
I am not sure what you think is missing. You will need a CA root certificate to generate a device certificate.
https://tls.mbed.org/kb/how-to/generate-a-self-signed-certificate explains how to generate the self-signed certificate as a CA certificate, using the is_ca=1 parameter.
You can find an example of a CA certificate in certs.c, for the test CA certificate used in the mbed TLS examples.
I hope this hint helps.
Regards,
mbed TLS Team member
Ron

X509_get_pubkey() attempts to decode the public key for certificate x. If successful it returns the public key as an EVP_PKEY pointer with its reference count incremented: this means the returned key must be freed up after use. X509_get0_pubkey() is similar except it does not increment the reference count of the returned EVP_PKEY so it must not be freed up after use.

X509_get_X509_PUBKEY() returns an internal pointer to the X509_PUBKEY structure which encodes the certificate of x. The returned value must not be freed up after use.

X509_set_pubkey() attempts to set the public key for certificate x to pkey. The key pkey should be freed up after use.

X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and X509_REQ_get_X509_PUBKEY() are similar but operate on certificate request req.
