Thanks Florian I did go ahead and parsed them, I last question please, in a chain sometimes only the intermediate certificates are returned and at other times the intermediate chains and the root certificate is returned, at least based on digcerts ssl testing utility, how can I differ between an intermediate certificate and a root certificate ? Regards
On Sun, Nov 11, 2012 at 10:01 PM, Florian Weimer <f...@deneb.enyo.de> wrote: > * Ali Jawad: > >> For example in the below : >> >> echo "" | openssl s_client -CAfile ./mozilla-root.crt -showcerts >> -connect ssl.com:443 | openssl x509 -text >> >> will only show the issuer/dates/etc information for the first >> certificate ssl.com and not for the subsequent certificates in the >> chain. > > I think you have to copy them manually from the output. > > If you want to do this programmatically, you should establish a TLS > connection, use the SSL_get_peer_cert_chain function to obtain the > certificates, and use the X509_* functions to extract the data you > need. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
