I am confused about how to check a key usage extension. I see that ca_check "calls" ku_reject, which uses the X509 ex_flags element. Is it necessary to use the ku_reject method or is it possible to call d2i_ASN1_BIT_STRING (to decode the KeyUsage BIT STRING) and then ASN1_BIT_STRING_get_bit to check specific bits? I am guessing there is a "history lesson" here. Does anyone know? Frank ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
