In message <[EMAIL PROTECTED]> on Mon, 05 Dec 2005 11:43:40 -0800, Matthew
Rodriguez DSD staff <[EMAIL PROTECTED]> said:
MKRodriguez> #include <openssl/x509v3.h>
MKRodriguez> #include <openssl/err.h>
MKRodriguez> #include <openssl/ssl.h>
MKRodriguez> static char * pci_value = "critical, language:Inherit all";
MKRodriguez>
MKRodriguez> int
MKRodriguez> main(int argc, char **argv){
MKRodriguez> X509_EXTENSION *ext =NULL;
MKRodriguez> X509V3_CTX *ctx;
MKRodriguez> LHASH *lhash;
MKRodriguez> SSL_library_init();
MKRodriguez> OpenSSL_add_all_ciphers();
MKRodriguez> OpenSSL_add_all_algorithms();
MKRodriguez> SSL_load_error_strings();
MKRodriguez> lhash = lh_new(NULL, NULL);
MKRodriguez> X509V3_set_conf_lhash(ctx, lhash);
MKRodriguez> ext = X509V3_EXT_conf(NULL, ctx, "proxyCertInfo", pci_value);
As Stephen already noticed, ext isn't a PROXY_CERT_INFO_EXTENSION*.
To get that, you need to do the following:
PROXY_CERT_INFO_EXTENSION *pci
/* ... */
pci = X509V3_EXT_d2i(ext);
MKRodriguez> if (ext == NULL){
MKRodriguez> ERR_print_errors_fp(stderr);
MKRodriguez> exit(-1);
MKRodriguez> }
MKRodriguez> X509V3_EXT_print_fp(stdout, ext, 0, 0);
MKRodriguez> X509_EXTENSION_free(ext);
MKRodriguez> /*X509V3_EXT_cleanup();
MKRodriguez> PROXY_CERT_INFO_EXTENSION_free((PROXY_CERT_INFO_EXTENSION
*)ext); */
And of course, freeing a X509_EXTENSION with a routine to free a
PROCY_CERT_INFO_EXTENSION won't work. Two different structures!
Plus, you have already free'd ext!
MKRodriguez> return 0;
MKRodriguez> }
Cheers,
Richard
--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
