Bear Giles wrote:
> 
> > Nothing. The trust settings aren't part of the certificate encoding. The
> > current trust handling stores these after the main encoding only if the
> > *TRUST() functions are used.
> 
> As an aside my postgresql stuff currently uses the standard X509 routines
> when converting from internal to external format (DER to PEM).  Handling
> "TRUSTED" certificates is on my TO-DO list, but there were too many unknowns.
> 
> I guess the two questions come down to:
> 
> 1) how do I determine this extra information is present?  Is a non-null
> x->aux value sufficient?
> 

That will normally be sufficient but you don't really need to worry about
whether it's present or not.

> 2) how do I encode it - which i2d function?  (Almost all of my I/O uses
> macros calling a handful of generic functions, and I've found it much
> easier to maintain the occasional exception in the same format.)

You can use the d2i_X509_AUX() and i2d_X509_AUX() functions. These will
handle the certificate and any trust information.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
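
The layout described in the reply above, trust data stored after the main certificate encoding, can be checked at the byte level. This is an added example, not code from the thread or from OpenSSL; the function names and the sample bytes are constructed for illustration and no OpenSSL calls are used.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample, not a real certificate: a stand-in SEQUENCE for the
 * certificate, then a SEQUENCE shaped like trust data (alias "pg" only). */
static const unsigned char sample[] = {
    0x30, 0x03, 0x02, 0x01, 0x05,          /* placeholder "certificate" */
    0x30, 0x04, 0x0c, 0x02, 'p', 'g'       /* trailing aux data */
};

/* Total length (header + content) of the leading SEQUENCE, 0 if malformed. */
static size_t der_seq_len(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, clen = 0;
    if (len < 2 || buf[0] != 0x30) return 0;      /* must be a SEQUENCE */
    if (buf[1] < 0x80) {
        clen = buf[1];                            /* short-form length */
    } else {
        size_t n = buf[1] & 0x7f;                 /* long form: n length octets */
        if (n == 0 || n > sizeof(size_t) || len < 2 + n) return 0;
        for (size_t i = 0; i < n; i++)
            clen = (clen << 8) | buf[2 + i];
        hdr += n;
    }
    if (clen > len - hdr) return 0;               /* truncated content */
    return hdr + clen;
}

/* Returns the certificate length and stores the length of any trailing
 * trust data in *aux_len (0 when absent). Returns 0 on malformed input. */
size_t split_x509_aux(const unsigned char *buf, size_t len, size_t *aux_len)
{
    size_t cert = der_seq_len(buf, len);
    *aux_len = 0;
    if (cert == 0) return 0;
    if (cert < len) {                             /* bytes follow the certificate */
        size_t aux = der_seq_len(buf + cert, len - cert);
        if (aux == 0 || cert + aux != len) return 0;  /* exactly one SEQUENCE allowed */
        *aux_len = aux;
    }
    return cert;
}

int main(void)
{
    size_t aux, cert = split_x509_aux(sample, sizeof sample, &aux);
    printf("certificate: %zu bytes, trust data: %zu bytes\n", cert, aux);
    return 0;
}
```

A round trip through plain d2i_X509() and i2d_X509() covers only the first SEQUENCE, so the trailing trust data survives only when the *_AUX variants are used.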
