Trying to get a public info for a certificate

Matt Caswell matt at
Mon Jun 3 16:23:03 UTC 2019

On 03/06/2019 16:40, Daniel Pedraza wrote:
> Hi guys!
> I'm trying to upgrade an old C project from OpenSSL 1.0.2 to the newest 1.1.1
> version. Everything's going smoothly, except for one little detail:
> There's a part of the code where we're doing a sha256 hash of the public key of
> our certificate. On the older OpenSSL, we were able to get the public key by
> doing cert->cert_info->key->public_key->data. On the newer version, we no longer
> have access to the cert_info struct.
> I tried doing:
> EVP_PKEY * public_key = X509_get0_pubkey(cert);
> this gives me an EVP_PKEY value, which I tried to convert to a char** by doing this:
> unsigned char *buf, *p;
> int len = i2d_PublicKey(public_key, NULL);
> buf = OPENSSL_malloc(len);
> p = buf;
> i2d_PublicKey(public_key, &p);
> This gives me a buffer with the correct length, but it seems like it has
> different data from what the public_key->data used to give me.
> Granted, I am not very savvy with OpenSSL, or with ssl in general, so maybe I'm
> doing something wrong/dumb? I've spent a fair bit of time on the
> documentation/wiki but I can´t seem to find the answer. Seems to me like this
> should be something very straightforward?
> Any help would be v much appreciated

Probably what you want is the X509_get0_pubkey_bitstr() function. This gives you
the data as an ASN1_BIT_STRING structure (i.e. what used to be accessible as


More information about the openssl-users mailing list