This (of course) worked.  I have three further questions.

1 - Am I correct that "data" points to the internal structure, and so "skid" should not be freed until I'm done with "data"?

2 - For my education, I thought that d2i calls converted from DER to openssl internal format. Yet, the input "subject" is an X509*, the internal format.

3 - Are these calls documented?  They're not in my usual starting point

https://www.openssl.org/docs/man1.0.1/crypto/

nor are they on the X509 page.

On 9/22/2015 1:25 AM, Viktor Dukhovni wrote:
On Mon, Sep 21, 2015 at 06:29:02PM -0400, Ken Goldman wrote:

How can I programmatically get the Subject Key Identifier as a byte array
from an X509 certificate?

Unless I'm mistaken:

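     #include <openssl/x509.h>
     #include <openssl/x509v3.h>

     size_t len;
     unsigned char *data;
     ASN1_OCTET_STRING *skid;

     /* NULL means the extension is absent or could not be decoded */
     skid = X509_get_ext_d2i(subject, NID_subject_key_identifier, NULL, NULL);
     if (skid != NULL) {
         len = ASN1_STRING_length(skid);
         data = ASN1_STRING_data(skid);

         /* ... Take unspeakable liberties with "data" and "len" ... */

         ASN1_OCTET_STRING_free(skid);
     }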
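
Added example, not part of the original thread and not OpenSSL code: on the d2i question, the value of an extension is stored inside the certificate as DER (for the Subject Key Identifier, an OCTET STRING wrapping the key bytes). This stand-alone sketch decodes that wrapper with strict length checks and copies the bytes into a caller-owned buffer, so they do not depend on the lifetime of any decoded object. The helper name `skid_from_der` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: DER OCTET STRING holding a 20-byte key identifier. */
static const unsigned char SAMPLE_SKID_DER[] = {
    0x04, 0x14,
    0xA1, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
    0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0xB4
};

/* Hypothetical helper (not an OpenSSL function): decode a DER OCTET STRING
 * and copy its content into out. Returns the content length, or -1 if the
 * input is malformed or out is too small. */
static int skid_from_der(const unsigned char *der, size_t der_len,
                         unsigned char *out, size_t out_cap)
{
    size_t hdr = 2, len;

    if (der == NULL || der_len < 2 || der[0] != 0x04)
        return -1;                  /* not a primitive OCTET STRING */
    if (der[1] < 0x80) {
        len = der[1];               /* short-form length */
    } else if (der[1] == 0x81 && der_len >= 3 && der[2] >= 0x80) {
        len = der[2];               /* minimal one-byte long form */
        hdr = 3;
    } else {
        return -1;                  /* indefinite, non-minimal or too large */
    }
    if (der_len - hdr != len)
        return -1;                  /* truncated input or trailing bytes */
    if (len > out_cap)
        return -1;                  /* never write past the caller's buffer */
    memcpy(out, der + hdr, len);    /* caller now holds a private copy */
    return (int)len;
}

int main(void)
{
    unsigned char skid[64];
    int i, n = skid_from_der(SAMPLE_SKID_DER, sizeof SAMPLE_SKID_DER,
                             skid, sizeof skid);

    if (n < 0)
        return 1;
    for (i = 0; i < n; i++)
        printf("%02X%s", skid[i], i + 1 < n ? ":" : "\n");
    return 0;
}
```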


