[openssl-users] Certificate path validation.

murugesh pitchaiah murugesh.pitchaiah at gmail.com
Thu Mar 30 06:57:48 UTC 2017


Hi,

To find CA or not, "X509_check_ca" may be used.

Thanks,
Murugesh P.

On 3/29/17, Richard Stanek <richard.stanek at rockwellcollins.com> wrote:
>       static bool IsCACertificate(X509* cert)
>       {
>          // (U) Initialize to false.
>          bool bRetVal = false;
>
>          BASIC_CONSTRAINTS* bsCA =
> (BASIC_CONSTRAINTS*)X509_get_ext_d2i(cert, NID_basic_constraints,
> NULL, NULL);
>          if (bsCA)
>          {
>             // (U) Could be a CA.
>             if (bsCA->ca)
>             {
>                // (U) Is a CA.
>                bRetVal = true;
>             }
>             else
>             {
>                // (U) Is NOT a CA.  Return value set.
>             }
>             BASIC_CONSTRAINTS_free(bsCA);
>          }
>          else
>          {
>             // (U) Not a CA.  Return value set.
>          }
>
>          // (U) return the results.
>          return bRetVal;
>       }
>
> On Wed, Mar 29, 2017 at 10:17 AM, john gloster <glosterj9 at gmail.com> wrote:
>> Is there any API to retrieve the values of BasicConstraint extention of a
>> certificate?
>>
>> Needed to find out whether it is a CA certificate and Path Length
>> constraint.
>>
>> Could someone please provide me with sample code?
>>
>> Thanks.
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>


More information about the openssl-users mailing list