On Wed, Jul 21, 2004, Amar Desai wrote: > You can use something like this... > > ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid); >
You also need to call X509_check_purpose(cert, -1, 0) just to ensure the fields were filled in if you did things that way though I'd recommend using X509_get_ext_d2i() instead. Also akid->keyid is an OPTIONAL field so a check should be made to see if it is NULL first. > Look into the X509_check_issued() function and see if it satisfies your > requirements. > Yes that's probably easiest. It does some other checks too though but if the two certificates are valid theses shouldn't cause problems. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
