Certificate path validation.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Certificate path validation.

john gloster
Is there any API to retrieve the values of BasicConstraint extention of a certificate?

Needed to find out whether it is a CA certificate and Path Length constraint.

Could someone please provide me with sample code?

Thanks.  

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Certificate path validation.

Richard Stanek
      static bool IsCACertificate(X509* cert)
      {
         // (U) Initialize to false.
         bool bRetVal = false;

         BASIC_CONSTRAINTS* bsCA =
(BASIC_CONSTRAINTS*)X509_get_ext_d2i(cert, NID_basic_constraints,
NULL, NULL);
         if (bsCA)
         {
            // (U) Could be a CA.
            if (bsCA->ca)
            {
               // (U) Is a CA.
               bRetVal = true;
            }
            else
            {
               // (U) Is NOT a CA.  Return value set.
            }
            BASIC_CONSTRAINTS_free(bsCA);
         }
         else
         {
            // (U) Not a CA.  Return value set.
         }

         // (U) return the results.
         return bRetVal;
      }

On Wed, Mar 29, 2017 at 10:17 AM, john gloster <[hidden email]> wrote:

> Is there any API to retrieve the values of BasicConstraint extention of a
> certificate?
>
> Needed to find out whether it is a CA certificate and Path Length
> constraint.
>
> Could someone please provide me with sample code?
>
> Thanks.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Certificate path validation.

Murugesh
Hi,

To find CA or not, "X509_check_ca" may be used.

Thanks,
Murugesh P.

On 3/29/17, Richard Stanek <[hidden email]> wrote:

>       static bool IsCACertificate(X509* cert)
>       {
>          // (U) Initialize to false.
>          bool bRetVal = false;
>
>          BASIC_CONSTRAINTS* bsCA =
> (BASIC_CONSTRAINTS*)X509_get_ext_d2i(cert, NID_basic_constraints,
> NULL, NULL);
>          if (bsCA)
>          {
>             // (U) Could be a CA.
>             if (bsCA->ca)
>             {
>                // (U) Is a CA.
>                bRetVal = true;
>             }
>             else
>             {
>                // (U) Is NOT a CA.  Return value set.
>             }
>             BASIC_CONSTRAINTS_free(bsCA);
>          }
>          else
>          {
>             // (U) Not a CA.  Return value set.
>          }
>
>          // (U) return the results.
>          return bRetVal;
>       }
>
> On Wed, Mar 29, 2017 at 10:17 AM, john gloster <[hidden email]> wrote:
>> Is there any API to retrieve the values of BasicConstraint extention of a
>> certificate?
>>
>> Needed to find out whether it is a CA certificate and Path Length
>> constraint.
>>
>> Could someone please provide me with sample code?
>>
>> Thanks.
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...