I have tried X509_get_ext_d2i akid = X509_get_ext_d2i(dev_cert, NID_authority_key_identifier,NULL, NULL) This returns AUTHORITY_KEYID structure..After that will ASN1_OCTET_STRING_cmp() serve the purpose?
>-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Dr. >Stephen Henson >Sent: Wednesday, July 21, 2004 4:52 PM >To: [EMAIL PROTECTED] >Subject: Re: Checking the authkeyid and subkeyid!! > > >On Wed, Jul 21, 2004, Amar Desai wrote: > >> You can use something like this... >> >> ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid); >> > >You also need to call X509_check_purpose(cert, -1, 0) just to >ensure the fields were filled in if you did things that way >though I'd recommend using >X509_get_ext_d2i() instead. > >Also akid->keyid is an OPTIONAL field so a check should be >made to see if it is NULL first. > >> Look into the X509_check_issued() function and see if it satisfies >> your >> requirements. >> > >Yes that's probably easiest. It does some other checks too >though but if the two certificates are valid theses shouldn't >cause problems. > >Steve. >-- >Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage >OpenSSL project core developer and freelance consultant. >Funding needed! Details on homepage. >Homepage: http://www.drh-consultancy.demon.co.uk >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]