Dr Stephen Henson wrote:
> Zhumabekov Yerden wrote:
>> I just want to have some directive in
>> configuration file which is useful to
>> check _if_ the extension of certain OID
>> is present in user's supplied certificate.
>> That's simple, but mod_ssl cannot do
>> that simple check.
> Ah I see. The code in the trunk seems to have this functionality already: it
> uses ASN1_STRING_print if X509V3_EXT_print fails. I'd guess this is to mirror
> the behaviour of X509V3_extensions_print in OpenSSL.
>
Oh, thanks. I will have a look at latest code.
> There are other ways of doing things though. The default behaviour is to return
> an error with an unsupported or invalid extension. By passing an appropriate
> flag to X509V3_EXT_print it can print out a warning message, ASN1 parse the
> result or perform a hex dump of the encoded value.
>
Well, actually, I don't care about the value of extension, I just want
to know if it's there or not. :)
> I'd say ASN1 parse is probably the most appropriate thing to do or possibly have
> a configuration option.
>
Thanks, I'll dig it in that way.
--
Yerden
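
The presence-only check asked for in this thread, as an added example that is not code from the thread, mod_ssl or OpenSSL: a pure-Python DER walk that lists the extension OIDs in a certificate without decoding any extension value. The function names, the sample bytes and the private OID 1.3.6.1.4.1.99999.1 are assumptions made for illustration.

```python
def read_tlv(buf, pos):  # -> (tag, value, next_pos) of the DER element at pos
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # contents of a constructed element -> [(tag, value), ...]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):  # OBJECT IDENTIFIER contents -> dotted string
    subids, acc = [], 0
    for byte in body:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(acc)
            acc = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def extension_oids(cert_der):  # OIDs of every extension in a DER certificate
    _, cert, _ = read_tlv(cert_der, 0)
    _, tbs = children(cert)[0]  # TBSCertificate
    for tag, val in children(tbs):
        if tag == 0xA3:  # [3] EXPLICIT Extensions
            _, ext_seq = children(val)[0]
            return [decode_oid(children(ext)[0][1]) for _, ext in children(ext_seq)]
    return []  # v1 certificate, or v3 without extensions

def has_extension(cert_der, oid):  # presence only; the value is never decoded
    return oid in extension_oids(cert_der)

def tlv(tag, body):  # sample builder; short-form lengths only (bodies under 128 bytes)
    return bytes([tag, len(body)]) + body

# Constructed, unsigned skeleton (not a real certificate); 1.3.6.1.4.1.99999.1 is made up.
EXTS = (tlv(0x30, tlv(0x06, bytes.fromhex("551d13")) + tlv(0x01, b"\xff") + tlv(0x04, b"\x30\x00"))
        + tlv(0x30, tlv(0x06, bytes.fromhex("2b06010401868d1f01")) + tlv(0x04, b"\x00")))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 5
          + tlv(0xA3, tlv(0x30, EXTS)))
SAMPLE_CERT = tlv(0x30, TBS + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

A presence check like this is only meaningful for access decisions once the certificate chain has been verified, since the walk itself checks no signature.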