Re: Extracting certificate start and end dates
Hey, I'm not extracting the start or end date but the domain name maybe this piece of code could help : I'm extracting the certificate from a PKCS#7 object but if you already have the X509 it shouldn't be a problem. I think you should take a look at X509_NAME_get_index_by_NID in de second if. X509 *userCert = NULL; STACK_OF(PKCS7_SIGNER_INFO) *stack_pkcs7_si= NULL; PKCS7_SIGNER_INFO *pkcs7_si = NULL; X509_NAME *subject = NULL; int position = 0; X509_NAME_ENTRY *entry = NULL; ASN1_STRING *asn1Data = NULL; unsigned char *entryString = NULL; if (!(stack_pkcs7_si = PKCS7_get_signer_info(pkcs7)) || !(pkcs7_si = sk_PKCS7_SIGNER_INFO_pop(stack_pkcs7_si)) || !(userCert = PKCS7_cert_from_signer_info(pkcs7, pkcs7_si))) { //remove signers stack PKCS7_SIGNER_INFO_free(pkcs7_si); sk_PKCS7_SIGNER_INFO_free(stack_pkcs7_si); return false; } PKCS7_SIGNER_INFO_free(pkcs7_si); sk_PKCS7_SIGNER_INFO_free(stack_pkcs7_si); if(!(subject = X509_get_subject_name(userCert)) || !(position = X509_NAME_get_index_by_NID(subject,NID_commonName, -1)) || !(entry = X509_NAME_get_entry(subject, position)) || !(asn1Data = X509_NAME_ENTRY_get_data(entry)) || !(entryString = ASN1_STRING_data(asn1Data))) { ASN1_STRING_free(asn1Data); //X509_NAME_ENTRY_free(entry); //X509_NAME_free(subject); //X509_free(userCert); return false; } std::string cert_domain((const char *)entryString); //remove all object ASN1_STRING_free(asn1Data); //X509_NAME_ENTRY_free(entry); //X509_NAME_free(subject); //X509_free(userCert); Op 8-jun-2010, om 02:02 heeft Dallas Clement het volgende geschreven: Hi All, I am trying to crack open a certificate and print out the start and expire dates to a debug log message. I found these two nifty functions X509_get_notBefore() and X509_get_notAfter() which return a pointer to a ASN1_TIME struct. I'm not sure where to go from here. I would like to be able to convert the ASN1_TIME to a time_t struct or something. Would one of you experts please advise the best approach? Thanks, Dallas __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Extracting certificate start and end dates
On Mon, Jun 07, 2010 at 08:02:22PM -0500, Dallas Clement wrote: Hi All, I am trying to crack open a certificate and print out the start and expire dates to a debug log message. Just for printing I suggest: int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) Cheers Christian __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Extracting certificate start and end dates
On Tue, Jun 08, 2010, Christian Hohnstaedt wrote: On Mon, Jun 07, 2010 at 08:02:22PM -0500, Dallas Clement wrote: Hi All, I am trying to crack open a certificate and print out the start and expire dates to a debug log message. Just for printing I suggest: int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) Yes that would work fine. There isn't a function to convert to time_t at present, the actual year range of ASN1_TIME (0 to ) far exceeds that of time_t (at least the more common 32 bit version). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Extracting certificate start and end dates
Hi All, I am trying to crack open a certificate and print out the start and expire dates to a debug log message. I found these two nifty functions X509_get_notBefore() and X509_get_notAfter() which return a pointer to a ASN1_TIME struct. I'm not sure where to go from here. I would like to be able to convert the ASN1_TIME to a time_t struct or something. Would one of you experts please advise the best approach? Thanks, Dallas __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org