Tuesday, January 06, 2009

Viewing extensions in X.509 certificates


In the last post we saw how to create certificates with custom extensions. As a second step, let us see how we can access these extensions and make sense of them. The code below opens a certificate, counts the extensions in it, then iterates over each extension and prints a human-readable representation of it.
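#include <stdio.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>

int main(void)
{
        FILE *inf = fopen("mycrt.crt", "r");
        X509 *cert = NULL;
        X509V3_add_standard_extensions();
        if(inf != NULL) {
                cert = PEM_read_X509(inf, NULL, NULL, NULL);
                fclose(inf);
        }
        if(cert == NULL) {
                fprintf(stderr, "could not read a certificate from mycrt.crt\n");
                ERR_print_errors_fp(stderr);
                return 1;
        }
        int count = X509_get_ext_count(cert);
        for(int i = 0; i < count; i++) {
                /* ext points into cert and is released by X509_free(cert); do not free it here */
                X509_EXTENSION *ext = X509_get_ext(cert, i);
                printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(X509_EXTENSION_get_object(ext))));
                if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) {
                        ERR_print_errors_fp(stderr);
                }
                printf("\n");
        }
        X509_free(cert);
        return 0;
}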


It prints the human-readable representation only for the built-in extensions, not for every extension found, because the library does not yet know how to represent the custom extensions that we placed in the certificate.
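Even when the library has no print method for a custom extension, its raw DER still carries the OID, the critical flag and the value. The following is an added example, not code from the original post and not OpenSSL's own parser: a standalone C99 decoder for one DER-encoded Extension (SEQUENCE of extnID, optional critical BOOLEAN, extnValue OCTET STRING, as laid out in RFC 5280). The names `ext_info`, `tlv` and `parse_extension` and the sample bytes, including the OID, are constructed for illustration, and only short-form lengths (under 128 bytes) are handled.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
struct ext_info {
    char oid[64]; int critical;         /* extnID (dotted); critical, 0 if absent */
    const u8 *value; size_t value_len;  /* contents of the extnValue OCTET STRING */
};
/* Constructed sample: OID 1.3.6.1.4.1.99999.1 (made up), critical, UTF8String "demo" */
static const u8 sample_ext[] = { 0x30,0x16, 0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x86,
    0x8D,0x1F,0x01, 0x01,0x01,0xFF, 0x04,0x06,0x0C,0x04,'d','e','m','o' };
/* Consume one TLV with the given tag (short-form length only); NULL on error. */
static const u8 *tlv(const u8 **p, const u8 *end, u8 tag, size_t *len) {
    const u8 *c = *p;
    if (end - c < 2 || c[0] != tag || c[1] >= 0x80 || end - c - 2 < c[1]) return NULL;
    *len = c[1]; *p = c + 2 + c[1];     /* advance past this element */
    return c + 2;
}

/* Returns 0 on success, -1 on malformed or unsupported input. */
int parse_extension(const u8 *der, size_t n, struct ext_info *out) {
    const u8 *p, *q = der, *end = der + n, *c;
    size_t len, i, used = 0;
    unsigned long arc = 0, x;
    memset(out, 0, sizeof *out);
    if (!(p = tlv(&q, end, 0x30, &len)) || q != end) return -1;  /* whole SEQUENCE */
    if (!(c = tlv(&p, end, 0x06, &len)) || !len || (c[len - 1] & 0x80)) return -1;
    for (i = 0; i < len; i++) {                 /* extnID: base-128 arcs */
        if (arc >> 24) return -1;               /* arc too large for this sketch */
        arc = (arc << 7) | (c[i] & 0x7F);
        if (c[i] & 0x80) continue;              /* more bytes in this arc */
        x = arc < 80 ? arc / 40 : 2;            /* first value packs two arcs */
        int w = used ? snprintf(out->oid + used, sizeof out->oid - used, ".%lu", arc)
                     : snprintf(out->oid, sizeof out->oid, "%lu.%lu", x, arc - 40 * x);
        if (w < 0 || (used += (size_t)w) >= sizeof out->oid) return -1;
        arc = 0;
    }
    c = tlv(&p, end, 0x01, &len);               /* optional critical BOOLEAN */
    if (c && len != 1) return -1;
    if (c) out->critical = c[0] != 0;
    if (!(c = tlv(&p, end, 0x04, &len)) || p != end) return -1;  /* extnValue */
    out->value = c; out->value_len = len;
    return 0;
}

int main(void) {
    struct ext_info e;
    if (parse_extension(sample_ext, sizeof sample_ext, &e) != 0) return 1;
    printf("%s critical=%d value_len=%zu\n", e.oid, e.critical, e.value_len);
    return 0;
}
```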

More about parsing custom extensions and making sense of their values in a later post.
