hi again, here is a dummy example that reads the key usage extension from a certificate.
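/*
 * Print the X.509 keyUsage extension of a PEM-encoded certificate.
 *
 * Usage: prog <certificate.pem>
 *
 * Requires <stdio.h> plus the OpenSSL headers <openssl/evp.h>,
 * <openssl/pem.h>, <openssl/x509.h> and <openssl/x509v3.h>.
 *
 * Note: this only parses the certificate. It does not verify the signature
 * or build a chain, so the printed bits are only as trustworthy as the file.
 *
 * Returns 0 on success and 1 on any error (bad arguments, unreadable file,
 * unparsable certificate, missing or undecodable keyUsage extension).
 */
int main(int argc, char** argv)
{
    /* keyUsage bit positions as defined in RFC 5280, section 4.2.1.3. */
    static const char* const bit_names[] = {
        "digitalSignature",
        "nonRepudiation",
        "keyEncipherment",
        "dataEncipherment",
        "keyAgreement",
        "keyCertSign",
        "cRLSign",
        "encipherOnly",
        "decipherOnly"
    };
    const int bit_count = (int) (sizeof bit_names / sizeof bit_names[0]);

    FILE* in = NULL;
    X509* cert = NULL;
    X509_EXTENSION* ext = NULL;
    ASN1_BIT_STRING* key_usage = NULL;
    int pos;
    int crit;
    int i;
    int rc = 1;

    /* argv[1] is NULL when no argument is given; never hand that to fopen. */
    if (argc < 2) {
        printf("usage: %s <certificate.pem>\n",
               (argc > 0 && argv[0] != NULL) ? argv[0] : "keyusage");
        return 1;
    }

    OpenSSL_add_all_algorithms();

    in = fopen(argv[1], "r");
    if (in == NULL) {
        printf("unable to open file %s\n", argv[1]);
        goto out;
    }

    cert = PEM_read_X509(in, NULL, NULL, NULL);
    if (cert == NULL) {
        printf("error reading certificate\n");
        goto out;
    }
    printf("certificate OK\n");

    /* X509_get_ext_by_NID returns -1 when the extension is absent. */
    pos = X509_get_ext_by_NID(cert, NID_key_usage, -1);
    if (pos >= 0) {
        ext = X509_get_ext(cert, pos);
    }
    if (ext == NULL) {
        printf("key usage extension not found!\n");
        goto out;
    }
    printf("key usage extension found!\n");

    /*
     * A relying party must reject a certificate carrying a critical
     * extension it cannot process, so the flag is worth reporting.
     */
    crit = X509_EXTENSION_get_critical(ext);
    printf("critical: %d\n", crit);

    /* The decoded value is a new object owned by us; NULL means bad DER. */
    key_usage = (ASN1_BIT_STRING*) X509V3_EXT_d2i(ext);
    if (key_usage == NULL) {
        printf("unable to decode key usage extension\n");
        goto out;
    }

    for (i = 0; i < bit_count; i++) {
        printf("%s: %d\n", bit_names[i], ASN1_BIT_STRING_get_bit(key_usage, i));
    }

    rc = 0;

out:
    /* ext points into cert and must not be freed on its own. */
    if (key_usage != NULL) {
        ASN1_BIT_STRING_free(key_usage);
    }
    if (cert != NULL) {
        X509_free(cert);
    }
    if (in != NULL) {
        fclose(in);
    }
    EVP_cleanup();
    return rc;
}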