Ø X509_get_ext_d2i(certificateX509, NID_certificate_policies, NULL, NULL)
Ø which returns some data depending of the NID provided. Since it is a void-pointer, I don't know, which data type it returns. According to x509v3/pcy_cache.c, it returns a pointer to CERTIFICATEPOLICIES. According to x509v3.h that’s a stack of POLICYINFO, which is also defined in that header, and most notably includes an ASN1_OBJECT which is the policyid. According to http://en.wikipedia.org/wiki/Extended_Validation_Certificate every CA uses its own policy id and there’s a table there. You might also look at the Chrome and/or Firefox sources to see what they use. Hope this helps. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me<mailto:rs...@jabber.me>; Twitter: RichSalz
