Hi Bear,

> Mark wrote:
> > What feature of a certificate could I use to provide a unique key
> > in a database table for this? How could this be extracted in a
> > program?
>
> The Common Name. You could use it as an LDAP key, convert it to a
> string and use that as a key into a database, etc.

How can this be done? I can find virtually no documentation on the relevant X509 functions. I know I can get a pointer to an X509 object using SSL_get_peer_certificate(...) but I don't know how to read certificate parameters from this.

> One important nit -- you want to verify the issuer and should
> actually check (issuer, common name) instead of just your common
> name. It reduces to the CN alone if you only accept your own
> certificates.
>
> If you don't check the issuer you're vulnerable to black hats
> generating their own certificates and using them to gain access.

I'm not sure I understand this. We are acting as the CA, so no one else should be able to sign certificates?

Cheers,
Mark.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]