Bear Giles wrote: > > > Nothing. The trust settings aren't part of the certificate encoding. The > > current trust handling stores these after the main encoding only if the > > *TRUST() functions are used. > > As an aside my postgresql stuff currently uses the standard X509 routines > when converting from internal to external format (DER to PEM). Handling > "TRUSTED" certificates is on my TO-DO list, but there were too many unknowns. > > I guess the two questions come down to: > > 1) how do I determine this extra information is present? Is a non-null > x->aux value sufficient? >
That wil normally be sufficient but you don't really need to worry about whether its present or not. > 2) how do I encoded it - which i2d function? (Almost all of my I/O uses > macros calling a handful of generic functions, and I've found it much > easier to maintain the occasional exception in the same format.) You can use the d2i_X509_AUX() and i2d_X509_AUX() functions. These will handle the certificate and any trust information. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]