[openssl-users] X509 subject key identifier
Ken Goldman
kgoldman at us.ibm.com
Tue Sep 22 13:22:09 UTC 2015
This (of course) worked. I have three further questions.
1 - Am I correct that "data" points to the internal structure, and so
"skid" should not be freed until I'm done with "data"?
2 - For my education, I thought that d2i calls converted from DER to
openssl internal format. Yet, the input "subject" is an X509*, the
internal format.
3 - Are these calls documented? They're not in my usual starting point
https://www.openssl.org/docs/man1.0.1/crypto/
nor are they on the X509 page.
On 9/22/2015 1:25 AM, Viktor Dukhovni wrote:
> On Mon, Sep 21, 2015 at 06:29:02PM -0400, Ken Goldman wrote:
>
>> How can I programmatically get the Subject Key Identifier as a byte array
>> from an X509 certificate?
>
> Unless I'm mistaken:
>
> size_t len;
> unsigned char *data;
> ASN1_OCTET_STRING *skid;
>
> skid = X509_get_ext_d2i(subject, NID_subject_key_identifier, NULL, NULL);
> len = ASN1_STRING_length(skid);
> data = ASN1_STRING_data(skid);
>
> ... Take unspeakable liberties with "data" and "len" ...
>
> ASN1_OCTET_STRING_free(skid);
>