Re: Extracting certificate start and end dates
Hey,
I'm not extracting the start or end date but the domain name maybe this piece
of code could help :
I'm extracting the certificate from a PKCS#7 object but if you already have the
X509 it shouldn't be a problem.
I think you should take a look at X509_NAME_get_index_by_NID in de second if.
X509 *userCert = NULL;
STACK_OF(PKCS7_SIGNER_INFO) *stack_pkcs7_si= NULL;
PKCS7_SIGNER_INFO *pkcs7_si = NULL;
X509_NAME *subject
= NULL;
int position
= 0;
X509_NAME_ENTRY *entry = NULL;
ASN1_STRING *asn1Data = NULL;
unsigned char *entryString = NULL;
if (!(stack_pkcs7_si = PKCS7_get_signer_info(pkcs7)) ||
!(pkcs7_si = sk_PKCS7_SIGNER_INFO_pop(stack_pkcs7_si))
||
!(userCert = PKCS7_cert_from_signer_info(pkcs7,
pkcs7_si)))
{
//remove signers stack
PKCS7_SIGNER_INFO_free(pkcs7_si);
sk_PKCS7_SIGNER_INFO_free(stack_pkcs7_si);
return false;
}
PKCS7_SIGNER_INFO_free(pkcs7_si);
sk_PKCS7_SIGNER_INFO_free(stack_pkcs7_si);
if(!(subject = X509_get_subject_name(userCert)) ||
!(position =
X509_NAME_get_index_by_NID(subject,NID_commonName, -1)) ||
!(entry = X509_NAME_get_entry(subject, position)) ||
!(asn1Data = X509_NAME_ENTRY_get_data(entry)) ||
!(entryString = ASN1_STRING_data(asn1Data)))
{
ASN1_STRING_free(asn1Data);
//X509_NAME_ENTRY_free(entry);
//X509_NAME_free(subject);
//X509_free(userCert);
return false;
}
std::string cert_domain((const char *)entryString);
//remove all object
ASN1_STRING_free(asn1Data);
//X509_NAME_ENTRY_free(entry);
//X509_NAME_free(subject);
//X509_free(userCert);
Op 8-jun-2010, om 02:02 heeft Dallas Clement het volgende geschreven:
Hi All,
I am trying to crack open a certificate and print out the start and
expire dates to a debug log message.
I found these two nifty functions X509_get_notBefore() and
X509_get_notAfter() which return a pointer to a ASN1_TIME struct.
I'm not sure where to go from here. I would like to be able to
convert the ASN1_TIME to a time_t struct or something.
Would one of you experts please advise the best approach?
Thanks,
Dallas
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Extracting certificate start and end dates
On Mon, Jun 07, 2010 at 08:02:22PM -0500, Dallas Clement wrote: Hi All, I am trying to crack open a certificate and print out the start and expire dates to a debug log message. Just for printing I suggest: int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) Cheers Christian __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Extracting certificate start and end dates
On Tue, Jun 08, 2010, Christian Hohnstaedt wrote: On Mon, Jun 07, 2010 at 08:02:22PM -0500, Dallas Clement wrote: Hi All, I am trying to crack open a certificate and print out the start and expire dates to a debug log message. Just for printing I suggest: int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) Yes that would work fine. There isn't a function to convert to time_t at present, the actual year range of ASN1_TIME (0 to ) far exceeds that of time_t (at least the more common 32 bit version). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Extracting certificate start and end dates
Hi All, I am trying to crack open a certificate and print out the start and expire dates to a debug log message. I found these two nifty functions X509_get_notBefore() and X509_get_notAfter() which return a pointer to a ASN1_TIME struct. I'm not sure where to go from here. I would like to be able to convert the ASN1_TIME to a time_t struct or something. Would one of you experts please advise the best approach? Thanks, Dallas __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
