Re: Extracting certificate start and end dates

Niels Stevens Tue, 08 Jun 2010 02:29:21 -0700

Hey,

I'm not extracting the start or end date but the domain name maybe this piece 
of code could help :
I'm extracting the certificate from a PKCS#7 object but if you already have the 
X509 it shouldn't be a problem.
I think you should take a look at X509_NAME_get_index_by_NID in de second if.


X509 *userCert                                                  = NULL;
                STACK_OF(PKCS7_SIGNER_INFO) *stack_pkcs7_si    = NULL;
                PKCS7_SIGNER_INFO *pkcs7_si                             = NULL;
                X509_NAME *subject                                              
= NULL;
                int position                                                    
= 0;
                X509_NAME_ENTRY *entry                                  = NULL;
                ASN1_STRING *asn1Data                                   = NULL;
                unsigned char *entryString                              = NULL;

if (!(stack_pkcs7_si = PKCS7_get_signer_info(pkcs7)) || 
                        !(pkcs7_si = sk_PKCS7_SIGNER_INFO_pop(stack_pkcs7_si)) 
|| 
                        !(userCert = PKCS7_cert_from_signer_info(pkcs7, 
pkcs7_si)))
                {
                        //remove signers stack 
                        PKCS7_SIGNER_INFO_free(pkcs7_si);
                        sk_PKCS7_SIGNER_INFO_free(stack_pkcs7_si);
                        return false;
                }
                
                PKCS7_SIGNER_INFO_free(pkcs7_si);
                sk_PKCS7_SIGNER_INFO_free(stack_pkcs7_si);

if(!(subject = X509_get_subject_name(userCert)) || 
                   !(position = 
X509_NAME_get_index_by_NID(subject,NID_commonName, -1)) ||
                   !(entry = X509_NAME_get_entry(subject, position)) || 
                   !(asn1Data = X509_NAME_ENTRY_get_data(entry)) ||
                   !(entryString = ASN1_STRING_data(asn1Data)))
                {
                        ASN1_STRING_free(asn1Data);
                        //X509_NAME_ENTRY_free(entry);
                        //X509_NAME_free(subject);
                        //X509_free(userCert);
                        return false;
                }
                std::string cert_domain((const char *)entryString);
                
                //remove all object
                ASN1_STRING_free(asn1Data);
                //X509_NAME_ENTRY_free(entry);
                //X509_NAME_free(subject);
                //X509_free(userCert);

Op 8-jun-2010, om 02:02 heeft Dallas Clement het volgende geschreven:

> Hi All,
> 
> I am trying to crack open a certificate and print out the start and
> expire dates to a debug log message.
> 
> I found these two nifty functions X509_get_notBefore() and
> X509_get_notAfter() which return a pointer to a ASN1_TIME struct.
> 
> I'm not sure where to go from here.  I would like to be able to
> convert the ASN1_TIME to a time_t struct or something.
> 
> Would one of you experts please advise the best approach?
> 
> Thanks,
> 
> Dallas
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org

Re: Extracting certificate start and end dates

Reply via email to