I need somebody who is an OpenSSL expert to answer the following
stupid question:
I can get the peer certificate, and the subject and issuer
by using:
X509 *peer;
peer = SSL_get_peer_certificate(ssl);
if( peer ){
if( X509_NAME_oneline( X509_get_subject_name( peer ),
buffer, sizeof(buffer) ) ){
DEBUG1("Accept_SSL_connection: subject '%s'", buffer );
if( info ) Set_str_value(info,AUTHFROM,buffer);
}
if( X509_NAME_oneline( X509_get_issuer_name( peer ),
buffer, sizeof(buffer) ) ){
if( info ) Set_str_value(info,ISSUER,buffer);
DEBUG1("Accept_SSL_connection: issuer '%s'", buffer );
}
/* the SSL_get_peer_certificate man page indicates that
this memory is not freed */
X509_free(peer); peer = 0;
}
(Note the rough file marks on the code where I removed the identification.)
How do I walk up the certificate CHAIN and get the issuers for
each certificate?
I swear that I saw an example of this in my readings, but I cannot put
my fingers on the code.
Patrick Powell
-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
