On Mon, Jul 05, 2004, Marcus Carey wrote:

<snip>

>     cnt = X509_get_ext_count(cert);
>     pos = X509_get_ext_by_NID(cert, NID_key_usage, -1);
>     keyUsage = X509_get_ext(cert,pos);
> 
>     /* This is just a generic print key usage function */
>     /* See the OpenSSL source for more details */
>     /* See v3_prn.c  openssl/crypto/x509v3/v3_prn.c */
> 
>     method = X509V3_EXT_get(keyUsage);
> 
>     if(method->it)
>         Usage = ASN1_item_d2i(NULL, &keyUsage->value->data,
>                               keyUsage->value->length,
>                               ASN1_ITEM_ptr(method->it));
>     else
>         Usage = method->d2i(NULL, &keyUsage->value->data,
>                             keyUsage->value->length);
> 

Don't do this. The calls in internal library files make use of structure
internals which aren't guaranteed to change. Some source lifted code from
v3_prn.c before which crashed when the new ASN1 code was written.

All of the preceding code can be replaced with the portable call:

Usage = X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL);


>     if(method->i2v)
>     {
> 
>         int cnt = 0;
>         nval = method->i2v(method, Usage, NULL);
>         cnt = sk_CONF_VALUE_num(nval);         // The number of key usage extensions
>         uval = sk_CONF_VALUE_value(nval, 0); // First ext
>         printf("%s\n",uval->name);   /* You can save uval->name to a buffer or use a pointer value */
>         uval = sk_CONF_VALUE_value(nval, 1); // Second ext
>         printf("%s\n",uval->name);
> 
>     }
> 
> }
> 

Similar comment above. If the OP just wants a human readable version of the
extension a memory BIO and printing the extension to it will do.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
