Derick Cassidy wrote:
>
> Hello
>
> After playing around with the SSL stuff, I am successfully able to validate
> online crls (ldap query, then lastUpdate/nextUpdate them). What I would
> like to do now, is validate attributeCertificates
>
> I tried using the same approach as the CRLs
>
> ldap query;
> d2i the returned attribute to an X509_CRL struct
> call lastUpdate / nextUpdate.
>
> With the attribute certificate, I tried
> d2i the returned attribute to an X509 struct
> call X509_not_validBefore X509_not_validAfter
>
> but my program dies a horrible death.
>
> Am I using the correct struct for the attribute certificate?
>

OpenSSL doesn't currently support attribute certificates at all. The ASN1
parsing routines are probably choking when you try to call d2i_X509()
because that will only handle certificates.

Speaking personally I've seen lots of talk about attribute certificates
and read various specs but I've yet to see a single example. I certainly
wouldn't mind seeing one, if you don't mind sending it to me and it would
help any future plans to add attribute certificate support to OpenSSL.
The ASN1 side at least should be vastly less painful with the new code.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]