On Wed, Jul 21, 2004, [EMAIL PROTECTED] wrote: > > I am seeing that akid->keyid as NULL always but i am sure that akid is a > valid structure. It is a valid certificate and authority key identifier is > also present, in that case i am wondering how can i get the akid->keyid as a > NULL? Do i need to call any function to update akid structure apart from > X509_get_ext_d2i()? >
If akid->keyid is NULL then the key identifier isn't present. Its only an OPTIONAL field. AKID can suggest the issuer in one of two ways, by the key id in the issuer's certificate, by the isssuer name and serial number of the issuer's certificate or both. If akid->keyid is NULL then presumably they've use the issuer name and serial number option. If those fields are also zero then the AKID is invalid but OpenSSL tolerates this in current versions. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
