[openssl-users] Help finding replacement for ASN1_seq_unpack_X509

Salz, Rich rsalz at akamai.com
Thu Jul 21 08:35:06 UTC 2016

> Would it be acceptable to just iterate the stack elements, passing each X509
> through i2d_X509 and appending the results -- would that generate valid
> DER?

Maybe.  It depends on what the receiver is expecting.  If it's willing to read a set of certs until it hits EOF (or equivalent) that's fine.  But if you're sending a SEQUENCE OF certificates then you need to wrap it in an ASN1/DER container. For example, Netscape Cert Sequence

Can you post a code snippet?

More information about the openssl-users mailing list