Andy Schneider wrote: > > Does anyone have any canned code I could steal that does IP address > validation. I.e. grabs the IP address from the alt subject name and > compares it against the IP of the incoming socket? >
No I don't. But in outline you need to extract and decode the subject alt name extension (see doc/openssl.txt) this will give you a STACK_OF(GENERAL_NAME). Then search for the ip address type and, if found, extract and compare. Theres a function that extracts email addresses from the subject name and subject alt name extensions (its used by the x509 utility) which should be easy enough to adapt. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]