>       From: owner-openssl-us...@openssl.org On Behalf Of sarym binome
>       Sent: Monday, 13 April, 2009 15:19

>       i want to extract the serial number or the subject name from an
>       X509 certificate
>       i used X509_get_serialNumber but i don't know how can i use it,
>       i can't print it cause it's a struct

It's an ASN1_INTEGER, which (like several ASN.1 types in openssl) 
is really an ASN1_STRING which is a byte string plus some flags, 
because the ASN.1 encoding of INTEGER is variable length and 
can contain values larger than C integer datatypes. See asn1.h. 
To simply display, if you have a BIO or can create one 
(possibly a mem_BIO) you can use i2a_ASN1_INTEGER.

To manipulate a value that is small, as here, you can use ASN1_INTEGER_get.
For a large (or potentially large) value, you can use openssl's bignums,
or you can do something else e.g. write your own. 

The subject (or issuer) name is more complicated; 
it's actually an ASN.1 SEQUENCE of (OID, value) pairs, 
where each value may be one of several types of string.

>       this is my certificate
>       Certificate:
>           Data:
>               Version: 1 (0x0)
>               Serial Number: 3 (0x3)
>               Signature Algorithm: md5WithRSAEncryption
>               Issuer: CN=ARAN CA
>               Validity
>                   Not Before: Mar 27 13:45:00 2009 GMT
>                   Not After : Jul 25 13:45:00 2009 GMT
>               Subject: CN=0.0.0.3

If this is a CA with only trustworthy users (e.g. internal), 
as looks likely, OK. In a public setting (available to an adversary),
a CA that signs with md5 and uses consecutive or otherwise predictable 
serials, and predictable validity periods, can now easily be defrauded.
(The latter two are normally true for the openssl trivial-CA.)



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
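
Added example (not part of the original reply, and not OpenSSL code): a minimal hand-written DER reader showing the two encodings the reply describes, a variable-length INTEGER serial and a Name built from (OID, value) pairs. The function names, the short-form-length restriction and the sample bytes are assumptions constructed for illustration; production code should use the OpenSSL calls named in the reply.

```c
#include <stdio.h>
#include <string.h>
/* Minimal DER reader: one TLV at a time, short-form lengths only (< 128 bytes). */
typedef struct { unsigned char tag; size_t len; const unsigned char *val; } tlv;
static size_t der_next(const unsigned char *p, size_t n, tlv *out) {
    if (n < 2 || (p[1] & 0x80) || (size_t)p[1] > n - 2) return 0; /* no overrun */
    out->tag = p[0]; out->len = p[1]; out->val = p + 2;
    return 2 + out->len;                                   /* bytes consumed */
}
/* Hex-print an INTEGER of any length; a serial can be wider than a C long. */
int serial_to_hex(const unsigned char *der, size_t n, char *buf, size_t buflen) {
    tlv t;
    if (!der_next(der, n, &t) || t.tag != 0x02 || t.len == 0) return -1;
    if (t.len > 1 && t.val[0] == 0x00) { t.val++; t.len--; }   /* drop sign pad */
    if (buflen < 2 * t.len + 1) return -1;
    for (size_t i = 0; i < t.len; i++) sprintf(buf + 2 * i, "%02X", t.val[i]);
    return 0;
}
/* Name = SEQUENCE of RDN SETs, each holding SEQUENCE { OID, string } pairs.
 * Copies the first value whose OID matches; returns its string tag, or -1. */
int name_get(const unsigned char *der, size_t n, const unsigned char *oid,
             size_t oidlen, char *buf, size_t buflen) {
    tlv name, rdn, atv, type, val; size_t used, u, a;
    if (!der_next(der, n, &name) || name.tag != 0x30) return -1;
    for (const unsigned char *p = name.val, *pe = p + name.len; p < pe; p += used) {
        if (!(used = der_next(p, (size_t)(pe - p), &rdn)) || rdn.tag != 0x31) return -1;
        for (const unsigned char *q = rdn.val, *qe = q + rdn.len; q < qe; q += u) {
            if (!(u = der_next(q, (size_t)(qe - q), &atv)) || atv.tag != 0x30) return -1;
            if (!(a = der_next(atv.val, atv.len, &type)) || type.tag != 0x06) return -1;
            if (!der_next(atv.val + a, atv.len - a, &val)) return -1;
            if (type.len != oidlen || memcmp(type.val, oid, oidlen) || val.len >= buflen) continue;
            memcpy(buf, val.val, val.len); buf[val.len] = '\0';
            return val.tag;            /* 0x13 PrintableString, 0x0C UTF8String, ... */
        }
    }
    return -1;
}
/* Constructed bytes: serial 3 and CN=0.0.0.3 as in the post, plus a made-up 72-bit serial. */
static const unsigned char SERIAL[] = { 0x02, 0x01, 0x03 };
static const unsigned char BIG_SERIAL[] = { 0x02,0x0A,0x00,0xF1,0xE2,0xD3,0xC4,0xB5,0xA6,0x97,0x88,0x79 };
static const unsigned char SUBJECT[] = { 0x30, 0x12, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
    0x55, 0x04, 0x03, 0x13, 0x07, '0', '.', '0', '.', '0', '.', '3' };
static const unsigned char OID_CN[] = { 0x55, 0x04, 0x03 };   /* OID 2.5.4.3 */
int main(void) {
    char s[64], cn[64];
    if (serial_to_hex(SERIAL, sizeof SERIAL, s, sizeof s) == 0) printf("serial=%s\n", s);
    if (serial_to_hex(BIG_SERIAL, sizeof BIG_SERIAL, s, sizeof s) == 0) printf("big=%s\n", s);
    if (name_get(SUBJECT, sizeof SUBJECT, OID_CN, sizeof OID_CN, cn, sizeof cn) > 0) printf("CN=%s\n", cn);
    return 0; }
```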