Patrick Powell wrote:
> 
> I need somebody who is an OpenSSL expert to answer the following
> stupid question:
> 
> I can get the peer certificate, and the subject and issuer
> by using:
> 
>         X509 *peer;
>         peer = SSL_get_peer_certificate(ssl);
>         if( peer ){
>             if( X509_NAME_oneline( X509_get_subject_name( peer ),
>                 buffer, sizeof(buffer) ) ){
>                 DEBUG1("Accept_SSL_connection: subject '%s'", buffer );
>                 if( info ) Set_str_value(info,AUTHFROM,buffer);
>             }
>             if( X509_NAME_oneline( X509_get_issuer_name( peer ),
>                 buffer, sizeof(buffer) ) ){
>                 if( info ) Set_str_value(info,ISSUER,buffer);
>                 DEBUG1("Accept_SSL_connection: issuer '%s'", buffer );
>             }
>             /* the SSL_get_peer_certificate man page indicates that
>                 this memory is not freed */
>             X509_free(peer); peer = 0;
>         }
> 
> (Note the rough file marks on the code where I removed the identification.)
> 
> How do I walk up the certificate CHAIN and get the issuers for
> each certificate?
> 
> I swear that I saw an example of this in my readings,  but I cannot put
> my fingers on the code.
> 
> Patrick Powell
(I have worked on OpenSSL since '96.)
Why do you want the issuer? OpenSSL can check the validity of a cert, checking against an
arbitrarily long cert chain (if configured), assuring
that the cert in the SSL connection is valid at all.

Bye.
-- 
Dott. Sergio Rabellino 

 Technical Staff
 Department of Computer Science
 University of Torino (Italy)
 Member of the Internet Society

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
