Hi everyone,I created a version 2 CRL, which has the CRL Serial extension set and now I have to extract the serial number from the CRL to compare it. I already got as far as extracting the CRL extension by NID. But now extracting the actual value from the extension is unclear to me. The headers doesn't help very much.
Also, the OpenSSL book doesn't cover V3 extensions pretty well.
This is my code base so far:
/* CRL serial number is a X509v3 extension */
X509_CRL * crl;
int crl_ext_pos;
X509_EXTENSION * crl_ext;
FILE *fp;
CONF_VALUE *cnf;
ASN1_INTEGER *asn1_serno;
unsigned char *serno;
/* read CRL from file */
if (!(fp = fopen(filename.c_str(), "r"))) {
cerr << "SSL: Error opening CRL file: " << filename << endl;
return ByteVector();
}
/* read into CRL structure */
if ( !( crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL) ) ) {
cerr << "SSL: Error reading CRL into structure: " << filename
<< endl;
return ByteVector();
}
fclose(fp);
/* extract "X509v3 CRL Number" extension */
/* extensions NIDs NID_xxx_yyy are defined in openssl/objects.h */
/* get the position of the extension in the crl as an integer and
pass it to get_ext to finally receive the extension value */
crl_ext_pos = X509_CRL_get_ext_by_NID(crl, NID_crl_number, -1);
crl_ext = X509_CRL_get_ext(crl, crl_ext_pos);
I appreciate your help! Please CC my when answering, because I am not
on the list.
Thank you very much! Best, René
smime.p7s
Description: S/MIME cryptographic signature
