On Oct 25, 2009, at 5:59 PM, Dr. Stephen Henson wrote:
> It is rather simpler than that. You can get the decoded structure for any
> certificate extension using X509_get_ext_d2i(). You get additional checks that
> way such as seeing if the extension occurs more than once.

True enough, this reduces the code snippet appreciably by eliminating
the rather tedious extension lookup fragment. My issue, of course,
was simply not knowing (and not being able to find any reference that
documents) the data type that would result from the d2i function for
this extension... but this is obviously simpler:
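
    #include <assert.h>
    #include <openssl/x509v3.h>

    STACK_OF(DIST_POINT) *dps = X509_get_ext_d2i(cert,
                                                 NID_crl_distribution_points,
                                                 NULL, NULL);
    if (dps == NULL) {
        /* extension not present or some decoding error... bail out */
        return;
    }
    assert(sk_DIST_POINT_num(dps) > 0);
    /* sk_*_value() returns a pointer that stays owned by the stack */
    DIST_POINT *dp = sk_DIST_POINT_value(dps, 0);
    /* distributionPoint is optional; name.fullname is only valid when type == 0 */
    if (dp->distpoint != NULL && dp->distpoint->type == 0) {
        STACK_OF(GENERAL_NAME) *names = dp->distpoint->name.fullname;
        assert(sk_GENERAL_NAME_num(names) > 0);
        GENERAL_NAME *name = sk_GENERAL_NAME_value(names, 0);
        if (name->type == GEN_URI) {
            ASN1_IA5STRING *uri = name->d.uniformResourceIdentifier;
            /* do something with the URI value... */
        }
        else {
            /* some other type of name... */
        }
    }
    /* frees the stack and every DIST_POINT (and its names) in it */
    sk_DIST_POINT_pop_free(dps, DIST_POINT_free);
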
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
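
For reference, the encoded layout that X509_get_ext_d2i() decodes into STACK_OF(DIST_POINT), walked by hand in plain C without OpenSSL. This is an added example, not code from the thread or from OpenSSL; der_tlv, crldp_uris and SAMPLE are made-up names and the bytes are constructed. It shows why distributionPoint can be absent and why fullName is only one arm of a CHOICE.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed sample: point 1 has a fullName URI, point 2 a nameRelativeToCRLIssuer (CN=xy). */
static const uint8_t SAMPLE[] = {
    0x30,0x2F, 0x30,0x1C, 0xA0,0x1A, 0xA0,0x18, 0x86,0x16,
    'h','t','t','p',':','/','/','c','.','e','x','a','m','p','l','e','/','a','.','c','r','l',
    0x30,0x0F, 0xA0,0x0D, 0xA1,0x0B, 0x30,0x09, 0x06,0x03,0x55,0x04,0x03, 0x0C,0x02,'x','y' };

/* Read one DER tag and length at *p; on success *p is advanced to the value bytes. */
static int der_tlv(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len)
{
    const uint8_t *q = *p;
    size_t l, n;
    if (end - q < 2) return 0;
    *tag = *q++;
    l = *q++;
    if (l & 0x80) {                       /* long form: low 7 bits count the length bytes */
        n = l & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - q) < n) return 0;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return 0;  /* value must fit inside the enclosing element */
    *p = q; *len = l;
    return 1;
}

/* Copies up to max fullName URIs into out; returns the count, or -1 on a bad tag or length. */
int crldp_uris(const uint8_t *der, size_t derlen, char out[][128], int max)
{
    const uint8_t *p = der, *end = der + derlen, *dp, *dpend, *gn, *gnend;
    uint8_t tag; size_t len; int n = 0;
    if (!der_tlv(&p, end, &tag, &len) || tag != 0x30 || p + len != end) return -1;
    while (p < end) {                                  /* SEQUENCE OF DistributionPoint */
        if (!der_tlv(&p, end, &tag, &len) || tag != 0x30) return -1;
        dp = p; dpend = p + len; p = dpend;
        if (!der_tlv(&dp, dpend, &tag, &len)) return -1;
        if (tag != 0xA0) continue;                     /* distributionPoint [0] is OPTIONAL */
        dpend = dp + len;
        if (!der_tlv(&dp, dpend, &tag, &len)) return -1;
        if (tag != 0xA0) continue;                     /* [1] relative name, not [0] fullName */
        gn = dp; gnend = dp + len;
        while (gn < gnend) {                           /* GeneralNames */
            if (!der_tlv(&gn, gnend, &tag, &len)) return -1;
            /* [6] URI is not NUL-terminated and may embed NULs: check before use as a C string */
            if (tag == 0x86 && len < 128 && n < max && !memchr(gn, 0, len)) {
                memcpy(out[n], gn, len); out[n++][len] = '\0';
            }
            gn += len;
        }
    }
    return n;
}
```

The same conditions apply to the decoded structure: dp->distpoint may be NULL, dp->distpoint->type selects which union member is valid, and an ASN1_IA5STRING carries its own length rather than a terminator.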