
Trying to replace `openssl x509 -hash -noout` with go

Open andreas-kupries opened this issue 3 years ago • 1 comments

I am looking to replace `openssl x509 -hash -noout` with Go code. Is that possible with this package? If yes, is there an example in the docs? I failed to find anything.

I am aware of #112. It looks to be related, but not the same (it talks about `-subject_hash_old` instead of `-hash`).

Further, do I understand correctly that this package requires a regular openssl.so in the environment, which it will then make use of?

andreas-kupries, Apr 28 '21 12:04

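Hm. Could adding

```go
// GetSubjectNameHash returns the result of OpenSSL's X509_subject_name_hash
// for this certificate.
func (c *Certificate) GetSubjectNameHash() (uint32, error) {
	hash := C.X509_subject_name_hash(c.x)
	return uint32(hash), nil
}
```

to cert.go be enough? (I am unsure about endianness)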

Could then do

```go
	pemBytes, err := ioutil.ReadFile(os.Args[1])
	if err != nil {
		return fmt.Errorf("unable to open certificate: %v", err)
	}

	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return errors.New("failed to decode PEM")
	}

	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return fmt.Errorf("failed to parse certificate from PEM: %v", err)
	}

	hash, _ := cert.GetSubjectNameHash()
	asString := fmt.Sprintf("%08x\n", hash)
	...
```

andreas-kupries, Apr 28 '21 14:04
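
For comparison with the cgo approach discussed above, an added example (not code from this issue or from the package) that computes the same value in pure Go, following the algorithm OpenSSL 1.0.0 and later uses for `-hash`: SHA-1 over the canonicalised subject, with the first four digest bytes read little-endian. The names `rdnSET`, `canon`, `SubjectHash` and `sample` are hypothetical. It assumes subject values are UTF8String, PrintableString or IA5String (the last two holding 7-bit data) and rejects string types that would first need transcoding.

```go
package main

import (
	"crypto/sha1"
	"encoding/asn1"
	"encoding/binary"
	"fmt"
	"strings"
)

type rdnSET []struct { // one RDN; the "SET" name suffix makes encoding/asn1 use SET OF
	Type  asn1.ObjectIdentifier
	Value asn1.RawValue // RawValue keeps the value's original string tag
}

func canon(b []byte) []byte { // trim/collapse ASCII whitespace, lowercase ASCII letters only
	sp := func(r rune) bool { return strings.ContainsRune(" \t\n\v\f\r", r) }
	out := []byte(strings.Join(strings.FieldsFunc(string(b), sp), " "))
	for i, c := range out {
		if 'A' <= c && c <= 'Z' {
			out[i] = c + 'a' - 'A'
		}
	}
	return out
}

// SubjectHash: DER subject (cert.RawSubject) -> -hash value. Assumes Printable/IA5 values are 7-bit.
func SubjectHash(rawSubject []byte) (string, error) {
	var rdns []rdnSET
	if rest, err := asn1.Unmarshal(rawSubject, &rdns); err != nil || len(rest) > 0 {
		return "", fmt.Errorf("subject is not a single DER RDNSequence (err=%v)", err)
	}
	h := sha1.New()
	for _, rdn := range rdns {
		for i, a := range rdn {
			if t := a.Value.Tag; t == asn1.TagUTF8String || t == asn1.TagPrintableString || t == asn1.TagIA5String {
				rdn[i].Value = asn1.RawValue{Tag: asn1.TagUTF8String, Bytes: canon(a.Value.Bytes)}
			} else if t == asn1.TagT61String || t == 26 || t == 28 || t == asn1.TagBMPString {
				return "", fmt.Errorf("string tag %d needs transcoding, not handled here", t)
			}
		}
		der, err := asn1.Marshal(rdn)
		if err != nil {
			return "", err
		}
		h.Write(der) // SETs are hashed back to back, without the outer SEQUENCE header
	}
	return fmt.Sprintf("%08x", binary.LittleEndian.Uint32(h.Sum(nil))), nil // first 4 bytes, little-endian
}
var sample = append([]byte{0x30, 0x16, 0x31, 0x14, 0x30, 0x12, 6, 3, 0x55, 4, 3, 0x13, 11}, "Example  CA"...) // constructed: CN=Example  CA
func main() { fmt.Println(SubjectHash(sample)) }
```

With a certificate parsed by Go's `crypto/x509`, pass `cert.RawSubject`; the result can be checked against `openssl x509 -hash -noout` on the same file.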