Peter Sylvester wrote: > > >> There is some non-portable code round there that accesses extensions >> in a most >> convoluted fashion for some unknown reason. >> > the stuff in ..vars.c ssl_ext_list?
Well that too but was mainly thinking of the extension handling code in ssl_util_ssl.c the loops in SSL_X509_getBC et al can be replaced by a single call to X509_get_ext_d2i which has been in existence as long as X509_EXT_d2i. SSL_X509_getCN is rather suspect too: it ignores the string type of commonName entries. Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org
