As per my previous mail, I am writing code that, given a cert, looks to see if it has an embedded OCSP Responder, in order to try and validate the cert with the given Responder.

So, I am writing a routine that, given an X509 *cert, looks for the OCSP Responder (all error checking omitted for brevity):

    #include <stdio.h>
    #include <openssl/x509.h>
    #include <openssl/x509v3.h>

    AUTHORITY_INFO_ACCESS *aia;
    X509 *cert;
    int i;
    ACCESS_DESCRIPTION *ad;

    cert = get_cert();
    /* Decode the Authority Information Access extension. */
    aia = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL);
    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(aia); i++) {
        /* Fetch the i-th AccessDescription from the stack. */
        ad = sk_ACCESS_DESCRIPTION_value(aia, i);
        if (ad->method->nid == NID_ad_OCSP) {
            printf("found an OCSP access description\n");
            if (ad->location->type == GEN_URI) {
                printf("OCSP access is through a URI");
                printf("URI is: %s\n", ad->location->d.ia5->data);
            }
        }
    }

Unfortunately, the 'nid' field of ad->method is always coming out to 0, even though I am calling X509_get_ext_d2i(), which is supposed to decode the extension for me, in its entirety. What's odd is that the ad->location seems fully decoded, i.e. I can see that it is an IA5STRING and can print out the URI.

One other point: I know I am not supposed to access the ad->location->d.ia5->data in that way, but I can't figure out the appropriate way to access the string.

Can someone give me some pointers on accessing the OCSP Responder URI and the appropriate ASN1 routines to use? Any help is greatly appreciated.

cj
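
Added example, not part of the original message and not OpenSSL code: a dependency-free C parser for the DER value of the AuthorityInfoAccess extension, showing that accessMethod is an OID matched by value and that the OCSP URI is a length-delimited IA5String, not a C string. The names der_tlv, aia_find_ocsp_uri and SAMPLE_AIA are assumptions made for this example, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <string.h>
typedef unsigned char u8;
static const u8 OID_AD_OCSP[] = {0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01}; /* id-ad-ocsp, 1.3.6.1.5.5.7.48.1 */
/* Constructed sample AIA value: a caIssuers entry, then an OCSP entry. */
static const u8 SAMPLE_AIA[] = "\x30\x50"
    "\x30\x28" "\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x02" "\x86\x1C" "http://ca.example.test/c.crt"
    "\x30\x24" "\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01" "\x86\x18" "http://ocsp.example.test";

/* Read one DER tag/length header; on success *p points at the contents. */
static int der_tlv(const u8 **p, const u8 *end, u8 *tag, size_t *len)
{
    const u8 *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    size_t l = *q++;
    if (l & 0x80) {                          /* long-form length */
        size_t n = l & 0x7F;
        if (n == 0 || n > 2 || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;    /* contents must fit the buffer */
    *p = q; *len = l;
    return 0;
}

/* Hypothetical helper: returns 1 and sets uri/uri_len (not NUL-terminated) for the
 * first OCSP URI, 0 if none, -1 if the DER is malformed or the URI embeds a NUL. */
int aia_find_ocsp_uri(const u8 *der, size_t n, const u8 **uri, size_t *uri_len)
{
    const u8 *p = der, *end = der + n, *ad_end; u8 tag; size_t len;
    if (der_tlv(&p, end, &tag, &len) || tag != 0x30) return -1;    /* SEQUENCE OF */
    end = p + len;
    while (p < end) {
        if (der_tlv(&p, end, &tag, &len) || tag != 0x30) return -1; /* AccessDescription */
        ad_end = p + len;
        if (der_tlv(&p, ad_end, &tag, &len) || tag != 0x06) return -1; /* accessMethod OID */
        int is_ocsp = len == sizeof OID_AD_OCSP && memcmp(p, OID_AD_OCSP, len) == 0;
        p += len;
        if (der_tlv(&p, ad_end, &tag, &len)) return -1;  /* accessLocation GeneralName */
        if (is_ocsp && tag == 0x86) {        /* [6] URI, an IA5String */
            if (memchr(p, 0, len)) return -1;
            *uri = p; *uri_len = len;
            return 1;
        }
        p = ad_end;
    }
    return 0;
}
```

With OpenSSL's decoded structure the same two points apply: the method is compared with OBJ_obj2nid(ad->method) == NID_ad_OCSP, and the URI bytes are read through ASN1_STRING_length() and ASN1_STRING_get0_data() on ad->location->d.ia5.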