I have tried the following code. It crashes in
ASN1_OCTET_STRING_cmp().
Any inputs?


------------------------------------------------------------------------

BOOL SSL_validate_AID_SID(X509 *dev_cert, UCHAR *manu_buffer) {
    X509 *issuer_cert = NULL;
    AUTHORITY_KEYID *akid = NULL;
    ASN1_OCTET_STRING *skid = NULL;

    issuer_cert = d2i_X509(NULL, &manu_buffer, (long) (2048));

    akid = X509_get_ext_d2i(dev_cert, NID_authority_key_identifier, NULL, NULL);
    if (!akid) {
        printf("Error: AUTORITY key IDENTIFIER is Not present");
        return 0;
    }

    skid = X509_get_ext_d2i(issuer_cert, NID_subject_key_identifier, NULL, NULL);
    /* Check key ids (if present) */

    ASN1_OCTET_STRING_cmp(akid->keyid, skid);

    AUTHORITY_KEYID_free(akid);

    return 0;
}
------------------------------------------------------------------------


>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Dr.
>Stephen Henson
>Sent: Wednesday, July 21, 2004 4:52 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Checking the authkeyid and subkeyid!!
>
>
>On Wed, Jul 21, 2004, Amar Desai wrote:
>
>> You can use something like this...
>>
>> ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid);
>>
>
>You also need to call X509_check_purpose(cert, -1, 0) just to
>ensure the fields were filled in if you did things that way
>though I'd recommend using
>X509_get_ext_d2i() instead.
>
>Also akid->keyid is an OPTIONAL field so a check should be
>made to see if it is NULL first.
>
>> Look into the X509_check_issued() function and see if it satisfies
>> your requirements.
>>
>
>Yes that's probably easiest. It does some other checks too
>though but if the two certificates are valid these shouldn't
>cause problems.
>
>Steve.
>--
>Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>OpenSSL project core developer and freelance consultant.
>Funding needed! Details on homepage.
>Homepage: http://www.drh-consultancy.demon.co.uk
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [EMAIL PROTECTED]
>Automated List Manager                           [EMAIL PROTECTED]
>




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
