On Fri, Oct 25, 2002, Edward Chan wrote: > Yikes, thanks for the heads up. When you say not > portable, do you mean with future versions of openssl, > or not portable across platforms? >
It wont work in future versions of OpenSSL. It wont in 0.9.7. > Can you point me to some good examples of how to use > those X509 API's to do a post connection check? > As I mentioned in my other message, check out X509_get1_email() which accesses subjectAltName to retrieve email addresses. Also check the docs in doc/openssl.txt. What you are want is fairly easily accomplished: all you really need to do is to call X509_get_ext_d2i() using NID_subjectAltName and just look through the returned stucture (which is STACK_OF(GENERAL_NAME) for the entries you want. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
