What I want is only the nonce, not the whole ASN1 structure. I don't know which is the best way to parse it.
First, I get the X509_EXTENSION from the OCSP_RESPONSE bs = OCSP_response_get1_basic(response) resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1) resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx) Then I tried to use : BIO* bio = BIO_new(BIO_s_mem()); ASN1_STRING_print(bio, resp_ext->value); But what I've got is the whole ASN1 structure, not only the nonce itself. The only solution I've thought of is in the following lines : const unsigned char* p = resp_ext->value->data; int tag; int xclass; long len; ASN1_get_object(&p,&len,&tag,&xclass, resp_ext->value->length); Then p points to the real nonce and len is its length. resp_ext->value->length - len == the length of the ASN1 tag preceding the nonce Is this a good solution? I think that ASN1_get_object is a too low level function and I think there should be a better solution. ----------------------------- Slon.bg ™ Симпатичният магазин за книги, DVD, игри и музика http://www.slon.bg ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
