On Thu, Jul 15, 2004, [EMAIL PROTECTED] wrote: > > Hi., > I am passing the certificates which will be valid for 31 years for > openssl routines.. but the I need to have implementation that it should > check only for 30 years..Is there any function available? Currently I am > calling x509_verify() for this certificate but it says it is valid.How > can I check all fields (country, organisation, locality, unit) is > present in the certificate? >
Its not clear what you want to do from this 30/31 years business. X509_verify() by itself will just check the signature. X509_verify_cert() will do a more complete chain verification including extensions and expiry times. As for checking for the presence of certain fields you can do that with the X509_NAME API. You could I suppose use the x509 program and parse the textual output but that's a bit yucky. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
