On Fri, Nov 28, 2003, Maria Dolores Moral wrote:
> Hello list,
> Iīm working in my end of degree project, itīs about security, and of course
> Iīm working with openssl. I need to obtain a value of authority key
> identifier, which identificate this from the others,and I have a X509v3
> certificate as input.
>
> I have try on with ...
>
>
>
> if ((fp =fopen(certUser,"r")) == NULL) {
> perror("ERROR al leer el fichero con el certificado");
> exit(1);
> }
>
> x = PEM_read_X509 (fp,NULL,NULL,NULL);
> /* Obtain CA */
> loc= X509_get_ext_by_NID(x,OBJ_sn2nid("authorityKeyIdentifier"),-1);
> keyid=X509v3_get_ext(x,loc);
> //X509V3_EXT_print (out, keyid, 0, 0);
> //printf("Object %d %s
> ",X509_EXTENSION_get_object(keyid),X509_EXTENSION_get_data(keyid));
>
> #define x509_get_CA(x) ((x)->akid->keyid)
> //printf("Object %s ",x509_get_CA(x));
> //X509V3_EXT_print (out, keyid, 0, 0);
> //X509V3_EXT_d2i(keyid);
>
>
> ... but I couldnīt obtain any value.
>
> I have obtain a certificate with: openssl req -new -x509 -out
> cert.pem -newkey rsa:1024 -nodes -keyout key.pem but it hasnīt be signed by
> anyone.
>
> If someone has got an idea ... you are very welcome to share it with me! ;-)
> Thanks a lot
> See you by the openssl
>
The extension code is documented in doc/openssl.txt the function you need is
X509_get_ext_d2i() this will return an AUTHORITY_KEYID structure defined in
x509v3.h
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
