On Tue, Sep 07, 2010, Paul Douglas wrote: > Hi Everyone, > > > I'm trying to figure out the required openssl c library calls to > check/verify if a certificate > supports Web Server Authentication. > > From the command line it looks like I could use > > openssl x509 -purpose -in ./certificate -noout > and then check for: > > SSL server : Yes > > > I'd like to perform a similar verification from my application. > I've been searching for examples that indicate how to do this, but so far I > haven't > been able to find any. >
You can duplicate that functionality with the function X509_check_purpose(). In that case: rv = X509_check_purpose(cert, X509_PURPOSE_SSL_SERVER, 0); Should do the trick. If the return value is 1 it can be used if 0 it can't. Any other positive value indicates it is tolerated but not strictly according to standard. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
