Hi Kenny:
On April 14, 2011 07:41:51 pm you wrote:
>
> Here is the alternative I have so far:
>
> CERTIFICATEPOLICIES *cp;
> if ((cp = (CERTIFICATEPOLICIES*) X509_get_ext_d2i(X509cert,
>         NID_certificate_policies, NULL, NULL)) == NULL) {
>     printMsg("decodeX509cert: no policies found");
> } else {
>     printMsg("decodeX509cert: found policies");
> }
>
> The output shows "decodeX509cert: found policies" so I know the policies
> are there. How do I convert cp into text that I can search using strstr or
> such? Thanks,

The first thing that I would say is that you PROBABLY don't want the
qualifiers. They may change without notice, and are probably NOT what you want
to match on. It would be FAR more reliable to just match on the Policy OIDs,
since those won't change over time very much (at least, not in any sane policy
environment, and I know that Boeing is playing in the US Federal and CertiPath
spaces, so that is a pretty sane environment :)

To grab the Policy OIDs, just enumerate through the STACK of POLICYINFO that
is what your cp variable is, and then pull out the policyid element of each.
If you need to convert it to a string, I think the right call is
OBJ_obj2txt().

If you really feel that you want the QUALIFIERS (but, I would REALLY recommend
against it), then you would take each POLICYINFO, and enumerate through the
"qualifiers" member, and see which of those is the right thing for you.
Conversion from an ASN1_STRING to a char* suitable for strstr comparison
should be fairly straightforward at that point.

(hint: look in the OpenSSL x509v3.h file to see how all of these relate.)

I would, however, strongly recommend just to match on OID values, and not on
any other part of the certificatePolicy extension.

Have fun!

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca