Re: X509 info

Tue, 14 Mar 2006 06:30:47 -0800 

On Tue, Mar 14, 2006, michael Dorrian wrote:

> Here is a function to do what you want that i just wrote today. At least i
> hope its what you want. Good luck!.
>   void ShowCerts(SSL* ssl)
> {   X509 *cert;
>    char buf[100];
>    /* get the server's certificate */
>  cert = SSL_get_peer_certificate(ssl);
>  if ( cert != NULL )
>     {      
>   /* issuer */ 
>   X509_NAME_get_text_by_NID(cert->cert_info->subject, NID_commonName, 
> buf,sizeof(buf));
>   printf("  Subject-CN: %s\n", buf);
>   X509_NAME_get_text_by_NID(cert->cert_info->issuer, NID_commonName, 
> buf,sizeof(buf));
>   printf("  Issuer-CN:  %s\n", buf);
>   X509_NAME_get_text_by_NID(cert->cert_info->issuer, NID_countryName, 
> buf,sizeof(buf));
>   printf("  Issuer Country:  %s\n", buf);
>   X509_NAME_get_text_by_NID(cert->cert_info->issuer, NID_organizationName, 
> buf,sizeof(buf));
>   printf("  Issuer Organisation:  %s\n", buf);
>  }
>     else
>         printf("No certificates.\n");
> } 

That will print two fields with no indication of order. The function
X509_NAME_get_text_by_NID is really a legacy function and it can be confused
by the presence of things like BMPStrings in certificates. It also accesses
structures directly which is discouraged.

Back to the OP query. It depends on what you want to do.

If you just want to print out certificate in a human readable form as various
lines of text then X509_print_ex() will do the job.

If instead you want to extract each field and place it in something like a
dialog box then that's tricker and you need to decide which fields to place
where. The subject and issuer names can be handled by through the X509_NAME
functions, extensions would need to be handled as a special case.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to