There is no single OID for Extended Validation.  The members of CA/Browser
Forum (CABF) define their own, and then petition the browsers for EV
acceptance.  The browsers then add the root certificate to their internal
EV tables, along with the OID they use for EV.

Since OpenSSL does not include root certificates (and does not operate its
own root program), it has no means of knowing whether any given root can be
trusted for EV, or what that root's defined EV OID might be.

The CABF doesn't provide a single platform or source for validation,
auditing, or enforcement.  Everything is related to the browser members,
which themselves are only approached for extended capabilities if they
already have enough market share.  This creates an "old-boy's club" that
can't easily be broken into.

iOS has its own certificate store, if I remember correctly.  Perhaps Apple
has a means to check the EV status of a root certificate and all of its
intermediaries, as well as the end-entity.

n.b. The rules for verifying and validating EV certificates are complex.
They can be derived from (not specifically found in) the Extended
Validation specification, from CABF.  When last I looked several years ago,
there were OCSP checking, certificate policy chain checking, individual
certificate validity constraints on top of X.509/PKIX overlapping validity
constraints, and several other things that I can't even recall.

-Kyle H


On Mon, May 12, 2014 at 7:59 AM, Steve Behrendt <steve.behre...@netlight.com> wrote:

>  Hi everyone,
>
>
>  I'm building an iOS application and trying to check if a certificate,
> that an https-connection uses, is an EV certificate.
>
>
>  Does the OpenSSL library have a method that gives me that information, if
> a given certificate is an EV certificate?
>
>
>
>  I found the method
>
> X509_get_ext_d2i(certificateX509, NID_certificate_policies, NULL, NULL)
>
> which returns some data depending on the NID provided. Since it is a
> void-pointer, I don't know which data type it returns.
>
>
>  Thanks heaps!
>
> Steve
>
>
>   Steve Behrendt
>
>
> steve.behre...@netlight.com
>
> Netlight Consulting GmbH www.netlight.de
> Residenzstr. 7, 80333 München
> Mobile +49 160 4729799
>
> Amtsgericht München, HRB 189944
> Umsatzsteuer-Identifikation: DE276206820
> Geschäftsführer: Felix Sprick

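An added example, not code from either poster or from OpenSSL: it shows the per-root EV table lookup the reply describes, where a certificate counts as EV only if its chain's root is listed and the leaf asserts that root's policy OID. In OpenSSL the call quoted in the question returns a `CERTIFICATEPOLICIES *` (a stack of `POLICYINFO`); to run without the library, this sketch walks the extension's DER by hand, and the table, root id, OIDs and sample bytes are all constructed. It covers only the OID check, not the OCSP, policy-chain and validity rules the reply mentions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed data. 2.999 is the OID arc reserved for examples; 2.999.1.1 encodes as
 * 88 37 01 01. The root id stands in for a trust-anchor fingerprint. */
static const unsigned char ev_oid_a[] = { 0x88, 0x37, 0x01, 0x01 };
static const struct { const char *root; const unsigned char *oid; size_t len; } ev_table[] = {
    { "constructed-root-A", ev_oid_a, sizeof ev_oid_a },
};
/* Constructed certificatePolicies value listing 2.999.1.2, then 2.999.1.1. */
static const unsigned char sample[] = { 0x30,0x10, 0x30,0x06,0x06,0x04,0x88,0x37,0x01,0x02,
                                        0x30,0x06,0x06,0x04,0x88,0x37,0x01,0x01 };

/* Read a DER tag and length (up to 255 bytes); returns header size, 0 if malformed. */
static size_t tlv(const unsigned char *p, size_t n, unsigned char *tag, size_t *len) {
    size_t h = (n > 1 && p[1] == 0x81) ? 3 : 2;
    if (n < h || (h == 2 && p[1] > 0x7f)) return 0;
    *tag = p[0]; *len = p[h - 1];
    return *len <= n - h ? h : 0;
}

/* 1 if the extension lists the policy OID, 0 if not, -1 if the DER is malformed. */
static int has_policy(const unsigned char *der, size_t n, const unsigned char *oid, size_t olen) {
    unsigned char tag;
    size_t len, h = tlv(der, n, &tag, &len);
    if (!h || tag != 0x30 || h + len != n) return -1;      /* SEQUENCE OF PolicyInformation */
    int found = 0;
    for (const unsigned char *p = der + h, *end = der + n; p < end; ) {
        size_t ilen, idlen, ih = tlv(p, (size_t)(end - p), &tag, &ilen), oh;
        if (!ih || tag != 0x30) return -1;                 /* one PolicyInformation */
        if (!(oh = tlv(p + ih, ilen, &tag, &idlen)) || tag != 0x06) return -1;  /* policyIdentifier */
        if (idlen == olen && memcmp(p + ih + oh, oid, olen) == 0) found = 1;
        p += ih + ilen;                                    /* skips any policyQualifiers */
    }
    return found;
}

/* EV only if the validated chain's root is in the table AND the leaf asserts that root's OID. */
int is_ev(const char *root, const unsigned char *der, size_t n) {
    for (size_t i = 0; i < sizeof ev_table / sizeof ev_table[0]; i++)
        if (strcmp(ev_table[i].root, root) == 0)
            return has_policy(der, n, ev_table[i].oid, ev_table[i].len) == 1;
    return 0;
}

int main(void) {
    printf("listed root: %d, unlisted root: %d\n", is_ev("constructed-root-A", sample, sizeof sample),
           is_ev("unlisted-root", sample, sizeof sample));
    return 0;
}
```

The same policy bytes yield a different answer depending on which root the chain terminates in, which is why the OID by itself cannot answer the question.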