Thanks Steve, this is what I came up with yesterday... (untested as yet) I'll put that X509_get1_email() trick into it.
Thanks again for your reply... void dumpCertificate(X509 *cert, char *fileName) { char buf[1024]; int ret; X509_NAME *subj = X509_get_subject_name(cert); X509_NAME *issuer = X509_get_issuer_name(cert); FILE *fp; fp = fopen(fileName,"w"); if (!fp) return; /* check expiry dates */ if (X509_cmp_current_time(X509_get_notBefore(cert)) >= 0) { fprintf(fp, "DateValid: false, Certificate date not yet valid"); } else if (X509_cmp_current_time(X509_get_notAfter(cert)) <= 0) { fprintf(fp, "DateValid: false, Certificate date expired"); } else fprintf(fp, "DateValid: true"); /* Subject commonName */ ret = X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, buf, 1024); fprintf(fp, "Subject.CommonName: %s",(ret < 1)?"":buf); /* Subject Organization name */ ret = X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_organizationName, buf, 1024); fprintf(fp, "Subject.OrganizationName: %s",(ret < 1)?"":buf); /* Subject Email Address */ ret = X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_pkcs9_emailAddress, buf, 1024); fprintf(fp, "Subject.Email: %s",(ret < 1)?"":buf); /* Issuer Organization name */ ret = X509_NAME_get_text_by_NID(X509_get_issuer_name(cert), NID_organizationName, buf, 1024); fprintf(fp, "Issuer.Email: %s",(ret < 1)?"":buf); fclose(fp); } -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Phillip J Whillier. Senior software engineer Ruling Software [EMAIL PROTECTED];[EMAIL PROTECTED] -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]