On Thu, Jan 16, 2003 at 03:37:04PM +0100, Massimiliano Pala wrote:
> Hi all,
>
> I have one question for you. I want to check extensions added to a CRL
> entry but I do not know how to access informations. Actually I use the
> code:
>
> rev = X509_CRL_get_REVOKED(crl);
>
> for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
>
> r = sk_X509_REVOKED_value(rev, i);
>
> for (i=0; i<sk_X509_EXTENSION_num(r->extensions); i++)
> {
> ASN1_OBJECT *obj;
> ASN1_OBJECT *obj_tmp;
> X509_EXTENSION *ex;
>
> ex=sk_X509_EXTENSION_value(r->extensions, i);
> obj=X509_EXTENSION_get_object(ex);
>
> [ Missing Code ]
>
> }
>
> I would like in the [ Missing Code ] to check the object (that is of
> the NID_crl_reason type) for its value, for example if it is a
> certificateHold or RemoveFromCRL, etc...
>
> What's the correct way to do it ?
This extension is listed in "standard extensions" (x509v3/ext_dat.h)
so one can use X509V3_EXT_d2i() to parse it.
Maybe this way, instead of for(;<sk_X509_EXTENSION_num(r->extensions);)
ASN1_ENUMERATED *reason_asn =
X509_REVOKED_get_ext_d2i(r, NID_crl_reason, &crit, &idx);
long reason = ASN1_ENUMERATED_get(reason_asn);
if(reason == 6)
; // certificateHold
..and please dont forget error handling
hope this helps,
Vadim
>
> Thanks to all of you...
>
> --
>
> C'you,
>
> Massimiliano Pala
>
> --o-------------------------------------------------------------------------
> Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
> Tel.: +39 (0)59 270 094
> http://www.openca.org Fax: +39 178 221 8225
> http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
--
Naina library: http://www.unity.net/~vf/naina_r1.tgz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
