Hi Paul:

Where you can start looking:

X509_get_ext_by_NID() with NID_key_usage and NID_ext_key_usage

And either parse out those extensions appropriately for their type

OR

use X509_print_ex() and get the textual "pretty" form, and do careful string 
comparisons against the output.

Remember: Key Usage is a bit field, and should have the Digital Signature and 
Key Agreement bits set (assuming you are using RSA keypairs), and Extended Key 
Usage is a list of OIDs, and should have servAuth set.

For what those values actually are, and the structure of the extensions, you 
should take a look at X.509, and IETF RFC 5280.

If all else fails, the code in apps/x509.cc of the openssl code base should 
help you along.

Have fun.

Patrick.

On September 7, 2010 09:17:24 am Paul Douglas wrote:
> Hi Everyone,
> 
> 
> I'm trying to figure out the required openssl c library calls to
> check/verify if a certificate
> supports Web Server Authentication.
> 
>  From the command line it looks like I could use
> 
>  > openssl x509  -purpose -in ./certificate -noout
> 
> and then check for:
>  > SSL server : Yes
> 
> I'd like to perform a similar verification from my application.
> I've been searching for examples that indicate how to do this, but so
> far I haven't
> been able to find any.
> 
> Any help would be greatly appreciated.
> Thanks,
> -P
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org

-- 
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
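
An added example, not part of the original message and not OpenSSL code: a dependency-free decoder for the two structures the reply describes, working on the raw DER extension values (the bytes `X509_EXTENSION_get_data()` returns for an extension located with `X509_get_ext_by_NID()`). The function names and sample bytes are constructed for illustration; only short-form DER lengths are handled, both extensions are assumed present, and the required Key Usage mask is left to the caller.

```c
#include <stdint.h>
#include <string.h>

/* KeyUsage flags (RFC 5280, 4.2.1.3). DER numbers bits from the MSB, so
 * bit 0 (digitalSignature) is 0x80 of the first content octet. */
#define KU_DIGITAL_SIGNATURE 0x80u
#define KU_KEY_AGREEMENT     0x08u

/* id-kp-serverAuth (1.3.6.1.5.5.7.3.1) as DER OID content octets. */
static const uint8_t OID_SERVER_AUTH[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};

/* Constructed sample extension values, not taken from a real certificate. */
const uint8_t SAMPLE_KU[] = {0x03, 0x02, 0x03, 0x88};  /* digitalSignature + keyAgreement */
const uint8_t SAMPLE_EKU[] = {0x30, 0x14,              /* serverAuth, then clientAuth */
    0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
    0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};

/* Step over one short-form TLV header; returns the content pointer or NULL. */
static const uint8_t *tlv(const uint8_t *p, const uint8_t *end, uint8_t tag, size_t *len) {
    if (end - p < 2 || p[0] != tag || (p[1] & 0x80)) return NULL;
    *len = p[1];
    return (size_t)(end - p - 2) >= *len ? p + 2 : NULL;
}

/* First octet of KeyUsage flags from a DER BIT STRING, or -1 if malformed. */
int key_usage_bits(const uint8_t *der, size_t n) {
    size_t len = 0;
    const uint8_t *c = tlv(der, der + n, 0x03, &len);
    return (c && len >= 2 && c[0] <= 7) ? c[1] : -1;  /* c[0] = unused-bit count */
}

/* 1 if the ExtKeyUsage SEQUENCE OF OID lists serverAuth, 0 if not, -1 if malformed. */
int eku_has_server_auth(const uint8_t *der, size_t n) {
    size_t len = 0, olen = 0;
    const uint8_t *p = tlv(der, der + n, 0x30, &len);
    if (!p) return -1;
    for (const uint8_t *end = p + len; p < end; p += olen) {
        if (!(p = tlv(p, end, 0x06, &olen))) return -1;
        if (olen == sizeof OID_SERVER_AUTH && !memcmp(p, OID_SERVER_AUTH, olen)) return 1;
    }
    return 0;
}

/* Both checks together; `need` is the KeyUsage mask the caller requires. */
int tls_server_usage_ok(const uint8_t *ku, size_t kn, const uint8_t *eku, size_t en, unsigned need) {
    int bits = key_usage_bits(ku, kn);
    return bits >= 0 && ((unsigned)bits & need) == need && eku_has_server_auth(eku, en) == 1;
}
```

Malformed or truncated input makes the combined check fail closed rather than pass.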