Brian A. Seklecki
Wed, 11 Apr 2007 08:16:59 -0700
These scripts are great; thank you very much to all involved who contributed (no e-mail address for 'mastrboy'). I'm considering spending some time adding additional functionality:
-- In addition to simply parsing the date and comparing the date/time, I'd like to test the validity of the X.509 Cert against its PKI infrastructure using the OpenSSL routines.
I'm pretty sure that this can be accomplished by checking the result code of openssl 's_client' or 'verify'; both permit -CApath and -CAfile.
For internal PKI, this is pretty straightforward; just specify your organization's Root CA Cert.
For public cert verification, it gets tricky because you have to take a certificate store like the Mozilla NSS/NSPR default and convert it into OpenSSL c_rehash format -- taking ideas on that here.
http://lxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt
Thoughts?
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
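
The internal-PKI case from the message above (chain validation through the exit status of `openssl verify -CAfile`, combined with the expiry test), as an added example that is not from the original post or the scripts it refers to. The function names, the two throwaway root CAs and the host name are constructed for illustration.

```shell
#!/bin/sh
# Added example. Every key, cert and name below is constructed test data.

# make_ca DIR NAME: throwaway self-signed root CA
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA NAME DAYS: leaf certificate issued by CA, valid DAYS days
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days "$4" -out "$1/$3.pem" 2>/dev/null
}

# check_cert CERT CAFILE WARN_DAYS
# Prints CHAIN_INVALID / EXPIRING / OK; returns 2 / 1 / 0.
check_cert() {
    # Chain validation: rely on the exit status of `openssl verify`.
    if ! openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo CHAIN_INVALID
        return 2
    fi
    # Date test: -checkend exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$1" -noout -checkend "$(( $3 * 86400 ))" >/dev/null; then
        echo EXPIRING
        return 1
    fi
    echo OK
}

d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
make_ca "$d" internal-root      # the organization's root (hypothetical)
make_ca "$d" unrelated-root     # a CA that did not issue the leaf
make_leaf "$d" internal-root www.example.test 10

echo "trusted root, warn at 5 days:  $(check_cert "$d/www.example.test.pem" "$d/internal-root.pem" 5)"
echo "trusted root, warn at 30 days: $(check_cert "$d/www.example.test.pem" "$d/internal-root.pem" 30)"
echo "wrong root:                    $(check_cert "$d/www.example.test.pem" "$d/unrelated-root.pem" 5)"
```

The example uses `verify` on a certificate file; `openssl s_client` by default continues the handshake after a verification failure, so pass `-verify_return_error` if its exit status is to reflect the chain check.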