I have a client/server architecture in which I use the openssl library to implement an encrypted communication (TLSv1.2). Since I'm using "self signed" certificates, in order to verify server's identity, my idea is to put in the client side a physical copy of the server's public key (server_public_key.pem) and then verify if it is equals to which received in the handshake phase of TLS.
On the client, I can retrieve the latter with:
X509 *cert = SSL_get_peer_certificate(ssl);
Now, I would extract the human readable string of the public key contained in this object.
I know that I can print it in this way:
EVP_PKEY *pkey = X509_get_pubkey(cert);
PEM_write_PUBKEY(stdout, pkey);
But I need to keep it as a string (instead of send it to stdout). How can I do this ?
Use BIO_new() to create a new
BIObacked by an internal memory buffer (initially empty).Then use
PEM_write_bio_PUBKEY()to write the public key to the BIO, at which point use the functions documented in theBIO's manual page to retrieve the public key.See the cited documentation for a simple example of creating a
BIO, writing to it, then reading from it. Replacing the sample write operation withPEM_write_bio_PUBKEY()should be sufficient.