Peter Sylvester
Wed, 29 Jul 2009 12:58:58 -0700
Dr Stephen Henson wrote:
Peter Sylvester wrote:There is some non-portable code round there that accesses extensions in a most convoluted fashion for some unknown reason.the stuff in ..vars.c ssl_ext_list?Well that too but was mainly thinking of the extension handling code in ssl_util_ssl.c the loops in SSL_X509_getBC et al can be replaced by a single call to X509_get_ext_d2i which has been in existence as long as X509_EXT_d2i. SSL_X509_getCN is rather suspect too: it ignores the string type of commonName entries.
right, this is all called only to log the value in ssl_check_public_cert as far as I see. for the bc stuff, well X509_EXT_print may be worth to be considered.
Steve.