Of course, I'm looping over all extensions, checking for the
NID_ext_key_usage extension, and then doing the things below. But your
suggestion seems to be a little more elegant.

It's not _that_ messy; once you have seen/done it, it's quite clear. The
problem is that it is quite hard to find any (good) examples.

--Patrik


Dr Stephen Henson wrote:

> Patrik Carlsson wrote:
> >
> > Is this the _new_ definition of esoteric :-)
> > Anyway, thanks, it works...
> >
> > ...
> > obj = X509_EXTENSION_get_object (ex);
> > if (OBJ_obj2nid (obj) == NID_ext_key_usage)
> > {
> >     if ((stack = X509V3_EXT_d2i (ex)))
> >     {
> >         for (j = 0; j < sk_num (stack); j++)
> >         {
> >             ex_nid = OBJ_obj2nid ((ASN1_OBJECT *) sk_value (stack, j));
> >             if (ex_nid == NID_ms_sgc)
> >                 ...
> >             else if (ex_nid == NID_ns_sgc)
> >                 ...
> >         }
> >     }
> >
> >     sk_pop_free (stack, ASN1_OBJECT_free);
> > }
> >
>
> Basically yes. I'm not sure what code you put before that but I'd
> guess you are checking each extension in turn for the right one. There
> is some pre-existing code that can do that for example:
>
> int idx = -1;
> for(;;) {
>     idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, idx);
>     if(idx < 0) break; /* Not found */
>     ext = X509_get_ext(cert, idx);
>     /* Do something with ext */
> }
>
> This assumes there might be more than one extension of the same type
> which is a bit naughty: so you can usually assume there will be only
> one.
>
> Hmmm I think this would be less messy if there was a combined function
> to get an extension and attempt to decode it...
>
> Steve.
> --
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
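
For an extended key usage extension, X509V3_EXT_d2i returns a stack of OIDs decoded from a DER SEQUENCE OF OBJECT IDENTIFIER. The following is an added example, not code from this thread or from OpenSSL: it decodes that value by hand to show which bytes the NID_ms_sgc / NID_ns_sgc comparisons test. The function names, flag names and the sample value are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define EKU_MS_SGC 1  /* 1.3.6.1.4.1.311.10.3.3 (NID_ms_sgc) */
#define EKU_NS_SGC 2  /* 2.16.840.1.113730.4.1  (NID_ns_sgc) */

static const unsigned char OID_MS_SGC[] = {0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03};
static const unsigned char OID_NS_SGC[] = {0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01};

/* Read one DER header with the expected tag; on success advance *p past it
 * and store the content length. Handles short form and the 0x81 long form. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2 || q[0] != tag) return 0;
    if (q[1] < 0x80) { *len = q[1]; q += 2; }
    else if (q[1] == 0x81 && end - q >= 3 && q[2] >= 0x80) { *len = q[2]; q += 3; }
    else return 0;                           /* longer or non-minimal length */
    if ((size_t)(end - q) < *len) return 0;  /* content must fit the buffer */
    *p = q;
    return 1;
}

/* Returns a bitmask of EKU_* flags, or -1 if the value is not well-formed. */
int eku_sgc_flags(const unsigned char *der, size_t der_len)
{
    const unsigned char *p = der, *end = der + der_len;
    size_t len;
    int flags = 0;

    if (!der_header(&p, end, 0x30, &len) || p + len != end) return -1;
    while (p < end) {                        /* one OBJECT IDENTIFIER per usage */
        if (!der_header(&p, end, 0x06, &len) || len == 0) return -1;
        if (len == sizeof OID_MS_SGC && !memcmp(p, OID_MS_SGC, len)) flags |= EKU_MS_SGC;
        if (len == sizeof OID_NS_SGC && !memcmp(p, OID_NS_SGC, len)) flags |= EKU_NS_SGC;
        p += len;
    }
    return flags;
}

/* Constructed sample: EKU value listing serverAuth, msSGC and nsSGC. */
static const unsigned char SAMPLE_EKU[] = {
    0x30,0x21,
    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,
    0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,
    0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01 };
```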


