On Fri, Nov 24, 2006, Michael Stephan wrote: > Hallo, > > is it possible (i know it is but not to me at the moment ): ), to > "easily" retrieve the OCSP URI from a X509 v3 certificate extension > list? > > X509v3 extensions: > .. > Authority Information Access: > OCSP: URI:http:http://ocsp.com > .. > > Would be great if you can help me with a tiny code snippet. >
While not trivial it is relatively straight forward. You first need to retrieve the AIA extension using X509_get_ext_d2i(). The retrieved structure is a STACK_OF(ACCESS_DESCRIPTION). You look through that for a method which matches the OCSP OID and the URI (assuming it is the correct type) is in the "location" field. Actually it makes sense to have a function to do this so the 'ocsp' utility can automatically use the correct URI. I'll look into adding one. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
