我正在尝试通过SSL套接字将证书发送给客户端。证书作为Blob存储在数据库中。
[每当我尝试将接收数据的无符号char *指针强制转换为X509 *并访问X509时,我的客户端段错误,甚至服务器也执行相同的操作,但效果很好。我打印了以十六进制形式传递的数据,它们匹配了,所以我不确定是什么问题。
服务器:
//returns the blob containing the cert from db.
unsigned char *cert = get_cert(name);
X509* certt = (X509 *) cert;
//gets size of certificate to send over socket
int cert_size = i2d_X509(certt, NULL);
//prints cert common name and binary data as hex
setvbuf(stdout, NULL, _IONBF, 0);
unsigned char *user = X509_NAME_oneline(X509_get_subject_name(certt), 0, 0);
printf("%s\n", user);
for (int i = 0; i < cert_size; i++){
printf("%X", cert[i]);
}
//sends cert size then the cert.
char message[64];
snprintf(message, 64, "/cert %d", cert_size);
ssl_block_write(ssl, serverfd, message, strlen(message));
ssl_block_write(ssl, serverfd, cert, cert_size);
客户:
//allocates enough memory to receive cert
unsigned char *data = malloc(size);
printf("%d\n", ssl_block_read(ssl, serverfd, data, size));
for (int i = 0; i < size; i++)
printf("%X", data[i]);
X509 *cert = (X509 *) data;
unsigned char *user = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
printf("%s\n", user);
您不能这样做! X509结构不能以这种方式直接序列化。它包含指针等无法正确序列化的指针。如果需要将其存储为Blob,则应首先使用i2d_X509()将其转换为DER,然后再次读回时,需要使用d2i_X509()再次将其转换回。我不知道为什么它在服务器上适合您。它不应该。