Dr Stephen Henson wrote:
> Zhumabekov Yerden wrote:
>> I just want to have some directive in
>> configuration file which is useful to
>> check _if_ the extension of certain OID
>> is present in user's supplied certificate.
>> That's simple, but mod_ssl cannot do
>> that simple check.
>
> Ah I see. The code in the trunk seems to have this functionality already: it
> uses ASN1_STRING_print if X509V3_EXT_print fails. I'd guess this is to mirror
> the behaviour of X509V3_extensions_print in OpenSSL.

Oh, thanks. I will have a look at latest code.

> There are other ways of doing things though. The default behaviour is to return
> an error with an unsupported or invalid extension. By passing an appropriate
> flag to X509V3_EXT_print it can print out a warning message, ASN1 parse the
> result or perform a hex dump of the encoded value.

Well, actually, I don't care about the value of extension, I just want
to know if it's there or not. :)

> I'd say ASN1 parse is probably the most appropriate thing to do or possibly have
> a configuration option.

Thanks, I'll dig it in that way.
--
Yerden