"Hellan,Kim KHE" wrote:
> 
> I have an X.509v3 certificate already loaded into an X509 structure.
> I want to "test it" for different extensions.
> For example: I want to test if it has a KeyUsage extension; if it does, I
> want to test if DigitalSignature is defined in this extension.
> 
> What is the best/easiest way to accomplish that?
> 

Well, there is a way documented in doc/openssl.txt, but there is an easier
way using X509_get_ext_d2i(). This isn't currently documented, but the
comment in crypto/x509v3/v3_lib.c in X509V3_get_d2i() gives a fair idea
of how it works.

You get back an ASN1_BIT_STRING and you can then test individual bits
using ASN1_BIT_STRING_get_bit().

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
