>Its not clear what you want to do from this 30/31 years business. The number of years difference between "Not Valid before and Not valid after" should not exceed 30 years in the certificates..How can I check it ?
Thanks Sakthi S G >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Dr. >Stephen Henson >Sent: Sunday, July 18, 2004 2:28 AM >To: [EMAIL PROTECTED] >Subject: Re: X.509 certificates invalid certiifcates. > > >On Thu, Jul 15, 2004, [EMAIL PROTECTED] wrote: > >> >> Hi., >> I am passing the certificates which will be valid for 31 years for >> openssl routines.. but the I need to have implementation that it >> should check only for 30 years..Is there any function available? >> Currently I am calling x509_verify() for this certificate >but it says >> it is valid.How can I check all fields (country, organisation, >> locality, unit) is present in the certificate? >> > >Its not clear what you want to do from this 30/31 years business. >X509_verify() by itself will just check the signature. >X509_verify_cert() will do a more complete chain verification >including extensions and expiry times. > >As for checking for the presence of certain fields you can do >that with the X509_NAME API. You could I suppose use the x509 >program and parse the textual output but that's a bit yucky. > >Steve. >-- >Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage >OpenSSL project core developer and freelance consultant. >Funding needed! Details on homepage. >Homepage: http://www.drh-consultancy.demon.co.uk >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
