> From [EMAIL PROTECTED] Thu Jul 11 07:26:50 2002
> Date: Thu, 11 Jul 2002 16:20:58 +0200
> From: Lutz Jaenicke <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: Getting the CERT chain
>
> On Thu, Jul 11, 2002 at 07:12:30AM -0700, Patrick Powell wrote:
> > Question 1:
> > 
> > Is there a simple way using exported (i.e. - available
> > to general use via the openssl library and having definitions
> > in openssl.h) OpenSSL functions to do the following:
> > 
> >    During the SSL connection process, if a user CERT has
> >    been presented, get the cert chain?
>
> SSL_get_peer_cert_chain().

Ahh!!! Excellent!  The code in
apps/s_client.c : static void print_stuff(BIO *bio, SSL *s, int full)
does almost exactly what I was looking for...

>
> > Question 2:
> >    Now I just KNOW that I saw this,  and everybody is going to laugh at this,
> >    but:
> > 
> >    If I have found a CERT using, say, peer = SSL_get_peer_certificate(ssl)
> >    as in the example above,  and I have a list of CERTS in a file or
> >    directory (i.e. - as for the CA cert, etc), how can I check to see
> >    if the peer cert (in the example) is in this list or directory?
> > 
> >    I just KNOW that I saw this in some SSL or related code, but I cannot
> >    remember the exact details and searching has not found it again.
>
> OpenSSL itself uses hashes for comparison. If the hashes are identical,
> so are the certificates.

Ummm... is there an example piece of code that does the hash generation
and then checks the certs?  I just KNOW that I saw it somewhere.


>
> Best regards,
>       Lutz
> -- 
> Lutz Jaenicke                             [EMAIL PROTECTED]
> http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> BTU Cottbus, Allgemeine Elektrotechnik
> Universitaetsplatz 3-4, D-03044 Cottbus
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>

Patrick Powell                 Astart Technologies
[EMAIL PROTECTED]            6741 Convoy Court
Network and System             San Diego, CA 92111
  Consulting                   858-874-6543 FAX 858-279-8424 
LPRng - Print Spooler (http://www.lprng.com)
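
Added example, not part of the original messages and not OpenSSL project code: one way to do the Question 2 check (is the peer cert in a file of certs?) by comparing hashes of whole certificates. It uses Python's ssl and hashlib modules rather than the OpenSSL C API. The function names and sample byte strings are assumptions made for the illustration. An exact match only shows the certificate is on the list; it says nothing about chain validity or expiry.

```python
import hashlib
import re
import ssl

# One PEM certificate block; anything outside the markers is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, so every byte of the cert counts."""
    return hashlib.sha256(der).hexdigest()


def bundle_fingerprints(pem_text: str) -> set:
    """Fingerprint each certificate found in the text of a PEM file."""
    return {fingerprint(ssl.PEM_cert_to_DER_cert(m.group(0)))
            for m in PEM_BLOCK.finditer(pem_text)}


def peer_in_bundle(peer_der: bytes, pem_text: str) -> bool:
    """True if the peer certificate is byte-for-byte one of the listed certs."""
    return fingerprint(peer_der) in bundle_fingerprints(pem_text)


# Constructed stand-in bytes, NOT real certificates. On a live connection
# the peer's DER bytes come from SSLSocket.getpeercert(binary_form=True).
SAMPLE_A = b"constructed-cert-A " * 4
SAMPLE_B = b"constructed-cert-B " * 4
SAMPLE_C = b"constructed-cert-C " * 4   # deliberately left out of the list

# Constructed cert list file: a comment line plus two PEM blocks.
SAMPLE_BUNDLE = ("# allowed peers (constructed sample)\n"
                 + ssl.DER_cert_to_PEM_cert(SAMPLE_A)
                 + ssl.DER_cert_to_PEM_cert(SAMPLE_B))

if __name__ == "__main__":
    for name, der in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(name, fingerprint(der)[:16], peer_in_bundle(der, SAMPLE_BUNDLE))
```

For a directory of certs, run the same check over the text of each file in it.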