Dr Stephen Henson wrote:
Peter Sylvester wrote:
There is some non-portable code round there that accesses extensions
in a most
convoluted fashion for some unknown reason.
the stuff in ..vars.c ssl_ext_list?
Well that too but was mainly thinking of the extension handling code in
ssl_util_ssl.c the loops in SSL_X509_getBC et al can be replaced by a single
call to X509_get_ext_d2i which has been in existence as long as X509_EXT_d2i.
SSL_X509_getCN is rather suspect too: it ignores the string type of commonName
entries.
right, this is all called only to log the value in ssl_check_public_cert
as far as I see. for the bc stuff, well X509_EXT_print may be worth to
be considered.
Steve.
