[openssl-users] Certificate path validation.
murugesh pitchaiah
murugesh.pitchaiah at gmail.com
Thu Mar 30 06:57:48 UTC 2017
Hi,
To find CA or not, "X509_check_ca" may be used.
Thanks,
Murugesh P.
On 3/29/17, Richard Stanek <richard.stanek at rockwellcollins.com> wrote:
> static bool IsCACertificate(X509* cert)
> {
> // (U) Initialize to false.
> bool bRetVal = false;
>
> BASIC_CONSTRAINTS* bsCA =
> (BASIC_CONSTRAINTS*)X509_get_ext_d2i(cert, NID_basic_constraints,
> NULL, NULL);
> if (bsCA)
> {
> // (U) Could be a CA.
> if (bsCA->ca)
> {
> // (U) Is a CA.
> bRetVal = true;
> }
> else
> {
> // (U) Is NOT a CA. Return value set.
> }
> BASIC_CONSTRAINTS_free(bsCA);
> }
> else
> {
> // (U) Not a CA. Return value set.
> }
>
> // (U) return the results.
> return bRetVal;
> }
>
> On Wed, Mar 29, 2017 at 10:17 AM, john gloster <glosterj9 at gmail.com> wrote:
>> Is there any API to retrieve the values of BasicConstraint extention of a
>> certificate?
>>
>> Needed to find out whether it is a CA certificate and Path Length
>> constraint.
>>
>> Could someone please provide me with sample code?
>>
>> Thanks.
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
More information about the openssl-users
mailing list