Skip to content

Instantly share code, notes, and snippets.

@daniele-athome

daniele-athome/ConvertPEM.java

Created June 8, 2015 23:50
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save daniele-athome/47f458d64aefed6e6c11 to your computer and use it in GitHub Desktop.
Save daniele-athome/47f458d64aefed6e6c11 to your computer and use it in GitHub Desktop.
Download ZIP
SSL: Error parsing certificate
Raw
cert.pem
-----BEGIN CERTIFICATE-----
MIIJWDCCCECgAwIBAgIBATANBgkqhkiG9w0BAQUFADBuMSAwHgYDVQQKDBdPcGVu
UEdQIHRvIFguNTA5IEJyaWRnZTFKMEgGA1UEAwxBdGVzdCA8NGJkZDRmOTI5ZjNh
MTA2MjI1M2U0ZTQ5NmJhZmJhMGJkZmI1ZGI3NUBwcmltZS5rb250YWxrLm5ldD4w
HhcNMTUwNjA3MTkzMjQxWhcNMTUwNjA3MTkzMjQxWjBuMSAwHgYDVQQKDBdPcGVu
UEdQIHRvIFguNTA5IEJyaWRnZTFKMEgGA1UEAwxBdGVzdCA8NGJkZDRmOTI5ZjNh
MTA2MjI1M2U0ZTQ5NmJhZmJhMGJkZmI1ZGI3NUBwcmltZS5rb250YWxrLm5ldD4w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrvwImcBxpVYTsA6G7I8vo
+vGDCqPt+yqcmCd4R3mU22Ec0HPMF+kmdmuGt7PrRND63dDAt5lCKM61JRF4zWn6
6/frDbFiahWgqMO4zcgWHdwUkKYSvQiMjtN7za4Q2bDSzas3I5a53qfE1fgBGHCM
QAMABcGQYxeGDaJYb0Ri1fGMaZFJz80tcGhuP3o7KrIN8l8wH2tW3cNDFdBqmRgr
dpEoaOb9NALeTiPEm64tDijNd2UP5j+HG6re0RYaHU8VOLT49W3sRtHEAC5BxZvK
vwX6Zf9RYyS4HnmX22VfHL0x5lfmFYERuYmwlUOnGn8GRv2iIo0HUcxMTtqP7N1n
AgMBAAGjggX/MIIF+zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIC7DAR
BglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBBYEFGAH2v2pCQwrsXchg8CYqbPE9rUd
MB8GA1UdIwQYMBaAFGAH2v2pCQwrsXchg8CYqbPE9rUdMIIFgwYTacnooqiNy+DH
x4nLwICqrteKGwSCBWoDggVmAJkBDQRVdJxZAQgAq78CJnAcaVWE7AOhuyPL6Prx
gwqj7fsqnJgneEd5lNthHNBzzBfpJnZrhrez60TQ+t3QwLeZQijOtSUReM1p+uv3
6w2xYmoVoKjDuM3IFh3cFJCmEr0IjI7Te82uENmw0s2rNyOWud6nxNX4ARhwjEAD
AAXBkGMXhg2iWG9EYtXxjGmRSc/NLXBobj96OyqyDfJfMB9rVt3DQxXQapkYK3aR
KGjm/TQC3k4jxJuuLQ4ozXdlD+Y/hxuq3tEWGh1PFTi0+PVt7EbRxAAuQcWbyr8F
+mX/UWMkuB55l9tlXxy9MeZX5hWBEbmJsJVDpxp/Bkb9oiKNB1HMTE7aj+zdZwAR
AQABtEF0ZXN0IDw0YmRkNGY5MjlmM2ExMDYyMjUzZTRlNDk2YmFmYmEwYmRmYjVk
Yjc1QHByaW1lLmtvbnRhbGsubmV0PokBHwQTAQIACQUCVXSj7AIbIQAKCRAbzoG4
O1XtxQSLB/43Aq4X591KRKK1xmwCgQFMHFuZH8cktPRi4MZc1BcwZmhjpK2OpB/i
oQFwpS/OH/bKw4JMdcfwuc6Y5GHSn5/D8NL5Ll+ZFEYPsWQjhNZqNXD19JJp53nP
giv85GWdo1xsZAegUIMkFKi5gIfw1z/XiXKiKbQ95aiN/gdEwU0SL16TZhMeDR8M
HcGH+Kf7iMGWGqxnJTozT1QOion0Lfc1zC3FNLAzHRaurH4qqd29VCGQA8cBy4UE
helXJRBVwY8Es1QJg6BMQPJjaFL5WHiagdz1OB9QzUNTzq04P77/P+v5vYmf71oy
3jH29AG/eTaDPmHTjvSdHj4FWRE9+aELuFIEVXScXxMIKoZIzj0DAQcCAwTbhR/+
kfv+5UeHXwZepCph9C9dV48O8yOfrjMo4Z/S+89x6R2uxFPEE/kkVXREwp2X+sYg
sUb6Mn733hT68NZIiQEfBBgBAgAJBQJVdKPtAhsCAAoJEBvOgbg7Ve3FUboIAKLU
QJrWjrpYrLEidegfTBoonO6clvWWUBTJcCMPI2QuyDPFhjIrlN9NxR1+dYCF/40K
KoaIMgIfIF1ziFjKx8J0Nmr5NEW4DDEfKyjk/UHFTxHaXe48lywBW83faZtzPyS9
+H9NADhYXKdHjfOGIWQGNEIXqi8FrvuJphVpaCbSsxKaxuXshcOzz6xFaVeohyOr
UQfooZlzXRCDA4wLG4Iey/4j+weLpCeWkiktZfTYE9pwGEobAomeJW1Blz2szN2r
MKoxMn77BjRavCfTMVMlBj1ykRpdPO2iBMVNS0wATtsCS/NuCJycXNjDdUm17WoF
AcbXC/il19ui6OtILPm4VgRVdJxcEggqhkjOPQMBBwIDBPw1BPM1BPHetE8crupf
i7NFm2gdJxxA9kaoJaT8vpbnvFOroUpOJMfwPKdsT2q/nb0/CmDlOxCmAS8V7R7E
74YDAQgHiQEfBBgBAgAJBQJVdKPuAhsEAAoJEBvOgbg7Ve3FYqAH/ja6h/TXhtTn
7YNjov+hDAvObpKP7R7eZFUlhAPfA9YoCZ2ChGOLCUgVOG4rCJ6qkqRZv28gBY4J
0lUfRwxtWJwAS5j3Hh4/dYD3zB8HSShFJUv6osEykP99bJETmpOcjXzSjx+BUvPB
CL3NPvGaRcDLZH0+j29Is0CsPAATdOoBQCjJxUZcDc95aoszK8QSLpWr0WUtEm2M
rVDqIMisI7JxyLbBRW8ndo1fzZEiYzkv3r/hmPXO3YBcIK4Bfu2R6dXbR+y7wx7V
3RWfJpmEchO3nPc4tEbRWAo2cV+HPshCNnZt6C5dV2HAjifaciRKPS/Jg+OXuFJ2
wKSXemasi0kwDQYJKoZIhvcNAQEFBQADggEBAAleNtzlAxwYnLNPEmPkqSbiEV+h
hvoAqHBiYIyXrtrOZzV9BgrKCORC1wDVCxjf9yf0P1HWxyoA7/4QV3OcpGvTLs5c
oSf6DgC/G+jRvXxxMuF0whb4lFOS8aqCCbqcCOW/FYpQVBcMiLBh1OyFc/XBOQ8i
L2l+0GPeGEax8QLUoPAx5QOEvMnHWqG1dj6svMqo4dIHyWsgXMY9j800s4OfQu1L
w7qs3ilNxpY+PydclHCXp36rpSLQH8yg0tQlKdkhYqbaDT+EkiIDOiW5YMYjCghi
SeljWWpqevqji00Mdv/VfAOZX/RYlnpScsAZjwO/GJyGx1T/9RdcRgnXWnE=
-----END CERTIFICATE-----
Raw
ConvertPEM.java
import java.io.*;
import java.security.cert.*;
import org.bouncycastle.openssl.*;
public class ConvertPEM {
public static void main(String[] args) throws Exception {
// load certificate
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(new FileInputStream(args[0]));
OutputStream certificateOS = new FileOutputStream("cert.converted.pem");
PEMWriter certificateWriter = new PEMWriter(new OutputStreamWriter(certificateOS));
certificateWriter.writeObject(certificate);
certificateWriter.close();
}
}
Raw
load-certificate.c
#include <stdio.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
static BIO *fileToMemBuf(const char* filename) {
FILE* f = fopen(filename, "rb");
if (f != NULL) {
fseek(f, 0, SEEK_END);
long size = ftell(f);
rewind(f);
char* contents = malloc(size * (sizeof(char)) + 1);
memset(contents, 0, size * (sizeof(char)) + 1);
fread(contents, sizeof(char), size, f);
fclose(f);
BIO *result = BIO_new(BIO_s_mem());
BIO_puts(result, contents);
return result;
}
return NULL;
}
int main(int argc, char** argv)
{
SSL_CTX* ssl_ctx;
printf("Initializing OpenSSL\n");
SSL_load_error_strings();
ERR_load_crypto_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
printf("Creating context\n");
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
// Note: We explicitly do not allow SSLv2 to be used. It
printf("Setting options\n");
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
/* Java code in class OpenSSLSocketImpl does the verification. Meaning of
* SSL_VERIFY_NONE flag in client mode: if not using an anonymous cipher
* (by default disabled), the server will send a certificate which will
* be checked. The result of the certificate verification process can be
* checked after the TLS/SSL handshake using the SSL_get_verify_result(3)
* function. The handshake will be continued regardless of the
* verification result.
*/
printf("Setting verify\n");
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
printf("Loading certificate data from: %s\n", argv[1]);
BIO* certificatesbio = fileToMemBuf(argv[1]);
printf("Certificate loaded: %p\n", certificatesbio);
if (certificatesbio != NULL) {
X509* certificatesx509 =
PEM_read_bio_X509(certificatesbio, NULL, 0, NULL);
BIO_free(certificatesbio);
if (certificatesx509 == NULL) {
printf("Error parsing the certificates\n");
SSL_CTX_free(ssl_ctx);
return;
}
int ret = SSL_CTX_use_certificate(ssl_ctx, certificatesx509);
if (ret != 1) {
printf("Error setting the certificates\n");
X509_free(certificatesx509);
SSL_CTX_free(ssl_ctx);
return;
}
}
SSL_CTX_free(ssl_ctx);
return EXIT_SUCCESS;
}
Raw
Makefile
PKG_CONFIG_PATH := /opt/ssltest/lib/pkgconfig
all: load-certificate ConvertPEM.class
ConvertPEM.class: ConvertPEM.java
javac -cp /usr/share/java/\* $<
load-certificate: load-certificate.c
$(CC) `pkg-config --libs --cflags openssl` -o $@ $<
run: all
java -cp /usr/share/java/bcpkix.jar:. ConvertPEM cert.cer
LD_LIBRARY_PATH=/opt/ssltest/lib ./load-certificate cert.pem
@daniele-athome
Copy link
Author

Utility code for http://stackoverflow.com/questions/30698087/ssl-error-parsing-the-certificate-ok

@daniele-athome
Copy link
Author

cert.cer is just cert.pem converted to DER format.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment