On Wed, May 16, 2007, Christopher Kunz wrote: > Bruce Stephens schrieb: > > X509_get_ext_count(), X509_get_ext(), and the usual stack macros > > STACK_OF(X509_EXTENSION), sk_X509_EXTENSION_push() and so on, I guess. > > > > That does the trick. However, I'm stumped at how to convert an extension > value back to a string. I call > obj = X509_EXTENSION_get_object(ext); > data = X509_EXTENSION_get_data(ext); > and now have both the ASN.1 structure in an ASN1_OBJECT as well as its > data in an ASN1_OCTET_STRING (at least if the documentation I googled is > accurate). > > How do I get back from the octet string to a normal ascii string? The > extension was put into the certificate with the following code: > > ASN1_OCTET_STRING *ex_oct = NULL; > ex_oct = ASN1_OCTET_STRING_new(); > ASN1_OCTET_STRING_set(ex_oct,policy,-1); > > Is there any up-to-date complete documentation available for the full > function set of OpenSSL? For some of the stuff, like ASN.1 manipulation, > I can't even find anything on Google... >
Well it depends on what you are doing. Setting raw unstructured data in the value of an X509_EXTENSION is illegal. It has to be an ASN.1 structure. So you can (for example) embed an OCTET STRING inside the extension value and that's fine. If it is an ASCII string though an IA5 of a UTF8 string would be more appropriate. However to answer your question... once you have the extension value as an ASN1_OCTET_STRING you can the contents using ASN1_STRING_data() and ASN1_STRING_length() functions. Note that there are utility functions to search for extensions of a given type (see docs) so you don't have to interate through them manually. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
