X509 info

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

X509 info

vipin rathor
hi all,
    I want to develop a small utility in C to show all information about the X509 certificate file in a structured comprehensive(as displayed by browsers like IE). i'm working on SLES 9. so please help me out....
    one more thing, i know the routines like X509_get_subject_name() and X509_get_issuer_name(), but i can not find the manaul pages for these routines. where can i get that??? moreover i want other information about other routines as well that can give me all information about the certificate.
     An early response will be appreciated.
 
Thanx in advance,
- vipin


Yahoo! Mail
Bring photos to life! New PhotoMail makes sharing a breeze.
Reply | Threaded
Open this post in threaded view
|

Re: X509 info

Bernhard Fröhlich-2
vipin rathor wrote:

> hi all,
>     I want to develop a small utility in C to show all information
> about the X509 certificate file in a structured comprehensive(as
> displayed by browsers like IE). i'm working on SLES 9. so please help
> me out....
>     one more thing, i know the routines like X509_get_subject_name()
> and X509_get_issuer_name(), but i can not find the manaul pages for
> these routines. where can i get that??? moreover i want other
> information about other routines as well that can give me all
> information about the certificate.
>      An early response will be appreciated.
You should have a look at
http://www.openssl.org/docs/crypto/X509_NAME_print_ex.html, I think it
is quite close to what you want.
Otherwise I'd suggest to have a look at the sources of the X509-utility
of OpenSSL

Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: X509 info

michael Dorrian
Here is a function to do what you want that i just wrote today. At least i hope its what you want. Good luck!.
void ShowCerts(SSL* ssl)
{   X509 *cert;
 char buf[100];
 /* get the server's certificate */
 cert = SSL_get_peer_certificate(ssl);
 if ( cert != NULL )
    {      
  /* issuer */ 
  X509_NAME_get_text_by_NID(cert->cert_info->subject, NID_commonName, buf,sizeof(buf));
  printf("  Subject-CN: %s\n", buf);
  X509_NAME_get_text_by_NID(cert->cert_info->issuer, NID_commonName, buf,sizeof(buf));
  printf("  Issuer-CN:  %s\n", buf);
  X509_NAME_get_text_by_NID(cert->cert_info->issuer, NID_countryName, buf,sizeof(buf));
  printf("  Issuer Country:  %s\n", buf);
  X509_NAME_get_text_by_NID(cert->cert_info->issuer, NID_organizationName, buf,sizeof(buf));
  printf("  Issuer Organisation:  %s\n", buf);
 }
    else
        printf("No certificates.\n");
}
Bernhard Froehlich <[hidden email]> wrote:
vipin rathor wrote:

> hi all,
> I want to develop a small utility in C to show all information
> about the X509 certificate file in a structured comprehensive(as
> displayed by browsers like IE). i'm working on SLES 9. so please help
> me out....
> one more thing, i know the routines like X509_get_subject_name()
> and X509_get_issuer_name(), but i can not find the manaul pages for
> these routines. where can i get that??? moreover i want other
> information about other routines as well that can give me all
> information about the certificate.
> An early response will be appreciated.
You should have a look at
http://www.openssl.org/docs/crypto/X509_NAME_print_ex.html, I think it
is quite close to what you want.
Otherwise I'd suggest to have a look at the sources of the X509-utility
of OpenSSL

Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26



Yahoo! Mail
Use Photomail to share photos without annoying attachments.
Reply | Threaded
Open this post in threaded view
|

Re: X509 info

Dr. Stephen Henson
On Tue, Mar 14, 2006, michael Dorrian wrote:

> Here is a function to do what you want that i just wrote today. At least i
> hope its what you want. Good luck!.
>   void ShowCerts(SSL* ssl)
> {   X509 *cert;
>    char buf[100];
>    /* get the server's certificate */
>  cert = SSL_get_peer_certificate(ssl);
>  if ( cert != NULL )
>     {      
>   /* issuer */
>   X509_NAME_get_text_by_NID(cert->cert_info->subject, NID_commonName, buf,sizeof(buf));
>   printf("  Subject-CN: %s\n", buf);
>   X509_NAME_get_text_by_NID(cert->cert_info->issuer, NID_commonName, buf,sizeof(buf));
>   printf("  Issuer-CN:  %s\n", buf);
>   X509_NAME_get_text_by_NID(cert->cert_info->issuer, NID_countryName, buf,sizeof(buf));
>   printf("  Issuer Country:  %s\n", buf);
>   X509_NAME_get_text_by_NID(cert->cert_info->issuer, NID_organizationName, buf,sizeof(buf));
>   printf("  Issuer Organisation:  %s\n", buf);
>  }
>     else
>         printf("No certificates.\n");
> }

That will print two fields with no indication of order. The function
X509_NAME_get_text_by_NID is really a legacy function and it can be confused
by the presence of things like BMPStrings in certificates. It also accesses
structures directly which is discouraged.

Back to the OP query. It depends on what you want to do.

If you just want to print out certificate in a human readable form as various
lines of text then X509_print_ex() will do the job.

If instead you want to extract each field and place it in something like a
dialog box then that's tricker and you need to decide which fields to place
where. The subject and issuer names can be handled by through the X509_NAME
functions, extensions would need to be handled as a special case.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

X509 more info

vipin rathor

hi all,
  thanx to Dr. Stephen Henson, michael Dorrian,Bernhard Froehlich for their valueble responses....
  yes Steve, u got it right that the information i want to print is everything about a certificate that comprises of things such as Version, Serial No., Sign. Algorithm, Issuer, Valid from, valid to, subject, public key, Enhanced key usage, Authority key identifier, basic constraints, thumbprint algo and thumbprint. (as displayed by the IE or any other browser...)
   By going through the documentation, i found that almost all members of X509 struct ends up using the data type like ASN1_OBJECT or ASN1_INTEGER. and i'm still trying to find the functions which can give me such info....
   e.g. the function i am using to get the sign. algo. is d2i_X509_ALGOR() [right now, even this is not working properly...but i'll fix that...]
   so any more help from all u poeple will help me to do this thing....
 
Thanks in advance....
Vipin


Yahoo! Mail
Bring photos to life! New PhotoMail makes sharing a breeze.