On Sun, Oct 25, 2009, Carl Harris wrote: > On Oct 25, 2009, at 2:57 PM, Carl Harris wrote: > >> I'm looking for an example of decoding the crlDistributionPoints >> extension; e.g. obtaining the specified URI (assuming that the value >> specifies a URI, that is). This seems like it should be easy. By digging >> around in the archives of this list, I've been able to figure out I can >> get the ASN.1-encoded value ... it seems like I want to go from >> ASN1_OCTET_STRING to a GENERAL_NAME structure, but I just can't seem to >> figure out how to get there. >> > > Thanks to sbg for pointing out that I want d2i_CRL_DIST_POINTS. This > returns STACK_OF(DIST_POINT), and it all comes together from there. >
It is rather simpler than that. You can get the decoded structure for any certificate extension using X509_get_ext_d2i(). You get additional checks that way such as seeing if the extension occurs more than once. There isn't a manual page for that function at present but some information is in doc/openssl.txt Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
