These scripts are great thank you very much to all involved who
contributed (no e-mail address for 'mastrboy'). . I'm considering
spending some time adding additional functionality:
--
In addition to simply parsing the date and comparing the date/time, I'd
like to test the validity of the X.509 Cert against it's PKI
infrastructure using the OpenSSL routines.
I'm pretty sure that this can be accomplished by checking the result code
of openssl 's_client' or 'verify'; both permit for -CApath and -CAfile.
For internal PKI, this is pretty straightforward; just specify your
organization's Root CA Cert.
For public cert verification; it gets tricky because you have to take a
certificate store like the Mozilla NSS/NSPR default and convert it into
OpenSSL c_rehash format -- taking ideas on that here.
http://lxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt
Thoughts?
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
