Jason Wang wrote:
>
> I tried to use the function,
>
> gens = X509_get_ext_d2i(x509,NID_netscape_comment,NULL,NULL);
>
> just like the X509_get1_email() does to extract the value of the
> extension.
>
> but null returned.
>
> is it the right way to extract the netscape comment value out of the
> X509 cert?
>
Well the actual 'value' of the extension is an ASN1_IA5STRING structure
other than that it should work. See doc/openssl.txt for more info on
finding the reason for failure. In newer versions of OpenSSL the only
likely cause of failure is that the extension isn't present.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
