[openssl-users] Certificate path validation.
Richard Stanek
richard.stanek at rockwellcollins.com
Wed Mar 29 16:01:53 UTC 2017
static bool IsCACertificate(X509* cert)
{
// (U) Initialize to false.
bool bRetVal = false;
BASIC_CONSTRAINTS* bsCA =
(BASIC_CONSTRAINTS*)X509_get_ext_d2i(cert, NID_basic_constraints,
NULL, NULL);
if (bsCA)
{
// (U) Could be a CA.
if (bsCA->ca)
{
// (U) Is a CA.
bRetVal = true;
}
else
{
// (U) Is NOT a CA. Return value set.
}
BASIC_CONSTRAINTS_free(bsCA);
}
else
{
// (U) Not a CA. Return value set.
}
// (U) return the results.
return bRetVal;
}
On Wed, Mar 29, 2017 at 10:17 AM, john gloster <glosterj9 at gmail.com> wrote:
> Is there any API to retrieve the values of BasicConstraint extention of a
> certificate?
>
> Needed to find out whether it is a CA certificate and Path Length
> constraint.
>
> Could someone please provide me with sample code?
>
> Thanks.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
More information about the openssl-users
mailing list