> X509_get_ext_d2i(certificateX509, NID_certificate_policies, NULL, NULL)
> which returns some data depending on the NID provided. Since it is a void-pointer, I don't know which data type it returns.

According to x509v3/pcy_cache.c, it returns a pointer to CERTIFICATEPOLICIES. According to x509v3.h that’s a stack of POLICYINFO, which is also defined in that header, and most notably includes an ASN1_OBJECT which is the policyid.

According to http://en.wikipedia.org/wiki/Extended_Validation_Certificate every CA uses its own policy id and there’s a table there. You might also look at the Chrome and/or Firefox sources to see what they use.

Hope this helps.

/r$

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: [email protected]; Twitter: RichSalz
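To make the structure described in the reply above concrete, the following added example (not part of the original message and not OpenSSL code) walks the DER bytes that `X509_get_ext_d2i` decodes for `NID_certificate_policies`: a SEQUENCE of PolicyInformation entries, each starting with the policy OID. The helper names `der_hdr`, `oid_text` and `has_policy` are hypothetical, and the sample bytes are constructed and assumed to be an already-extracted extension value.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: certificatePolicies extension value (DER) listing
 * 2.23.140.1.1 (CA/Browser Forum EV) and 2.999.1 (OID arc reserved for examples). */
static const unsigned char SAMPLE[] = { 0x30,0x10,
    0x30,0x07, 0x06,0x05, 0x67,0x81,0x0C,0x01,0x01,
    0x30,0x05, 0x06,0x03, 0x88,0x37,0x01 };

/* Parse a TLV header with the expected tag; return its content or NULL if malformed. */
static const unsigned char *der_hdr(const unsigned char *p, const unsigned char *end,
                                    int tag, size_t *len) {
    if (end - p < 2 || p[0] != tag) return NULL;
    size_t n = p[1]; p += 2;
    if (n & 0x80) {                    /* long form: low 7 bits count the length bytes */
        size_t k = n & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - p) < k) return NULL;
        for (n = 0; k--; ) n = (n << 8) | *p++;
    }
    *len = n;
    return (size_t)(end - p) < n ? NULL : p;
}

/* Render OID content bytes as dotted text; 0 on success, -1 on error. */
static int oid_text(const unsigned char *p, size_t len, char *out, size_t cap) {
    unsigned long v = 0; size_t used = 0;
    if (len == 0 || (p[len - 1] & 0x80)) return -1;    /* empty or truncated arc */
    for (size_t i = 0; i < len; i++) {
        v = (v << 7) | (p[i] & 0x7f);
        if (p[i] & 0x80) continue;     /* more base-128 digits follow */
        unsigned long a = v < 80 ? v / 40 : 2;         /* first value packs two arcs */
        int w = used ? snprintf(out + used, cap - used, ".%lu", v)
                     : snprintf(out, cap, "%lu.%lu", a, v - 40 * a);
        if (w < 0 || (size_t)w >= cap - used) return -1;
        used += (size_t)w; v = 0;
    }
    return 0;
}

/* 1 if any PolicyInformation.policyIdentifier equals wanted, 0 if none, -1 if malformed. */
int has_policy(const unsigned char *der, size_t n, const char *wanted) {
    const unsigned char *end = der + n, *p, *info, *oid; size_t len; char txt[128];
    if (!(p = der_hdr(der, end, 0x30, &len)) || p + len != end) return -1;
    while (p < end) {
        if (!(info = der_hdr(p, end, 0x30, &len))) return -1;
        p = info + len;                /* next entry; skips optional policyQualifiers */
        if (!(oid = der_hdr(info, p, 0x06, &len))) return -1;
        if (oid_text(oid, len, txt, sizeof txt)) return -1;
        if (strcmp(txt, wanted) == 0) return 1;
    }
    return 0;
}
int main(void) { printf("%d\n", has_policy(SAMPLE, sizeof SAMPLE, "2.23.140.1.1")); return 0; }
```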
