Chandu wrote:
>
> Hi,
> Iam facing a problem regarding the extracting the Extended Key usage
> attribute.
> My requirement is to know if Extended Key Usage attribute Nid_OCSP_sign is
> present.
> I tried the following way
>
> X509 *pCert; /* The certificate */
> int iVal;
>
> iVal = X509_get_ext_by_NID(pCert, NID_OCSP_sign, -1);
> if(iVal >= 0)
> printf("Extended Key Usage Attribute NID_OCSP_sign present");
>
> Here Iam getting iVal as -1 indicating that it is not present.
>
> But when I try to print the certificate using X509_print(), I can see this
> extension present. Is there anything wrong with the code Iam using ?
>
> I request you to help me in finding the bug.
>
> Awaiting your valuable response...
>
You need to extract and decode the extended key usage extension using
X509_ext_get_d2i() and check to see if the particular usage is present.
The code in crypto/x509v3/v3_purp.c in x509v3_cache_extensions() does
this kind of thing.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
