X509 client verification

[Pj]

Thanks Steve,

this is what I came up with yesterday... (untested as yet)
I'll put that X509_get1_email() trick into it.

Thanks again for your reply...

void dumpCertificate(X509 *cert, char *fileName)
{
char buf[1024];
int ret;

X509_NAME *subj = X509_get_subject_name(cert);
X509_NAME *issuer = X509_get_issuer_name(cert);

FILE *fp;
fp = fopen(fileName,"w");
if (!fp) return;

/* check expiry dates */
if (X509_cmp_current_time(X509_get_notBefore(cert)) >= 0) {
fprintf(fp, "DateValid: false, Certificate date not yet valid");
}
else if (X509_cmp_current_time(X509_get_notAfter(cert)) <= 0) {
fprintf(fp, "DateValid: false, Certificate date expired");
}
else
fprintf(fp, "DateValid: true");

/* Subject commonName */
ret = X509_NAME_get_text_by_NID(X509_get_subject_name(cert),
NID_commonName, buf, 1024);
fprintf(fp, "Subject.CommonName: %s",(ret < 1)?"":buf);

/* Subject Organization name */
ret = X509_NAME_get_text_by_NID(X509_get_subject_name(cert),
NID_organizationName, buf, 1024);
fprintf(fp, "Subject.OrganizationName: %s",(ret < 1)?"":buf);

/* Subject Email Address */
ret = X509_NAME_get_text_by_NID(X509_get_subject_name(cert),
NID_pkcs9_emailAddress, buf, 1024);
fprintf(fp, "Subject.Email: %s",(ret < 1)?"":buf);

/* Issuer Organization name */
ret = X509_NAME_get_text_by_NID(X509_get_issuer_name(cert),
NID_organizationName, buf, 1024);
fprintf(fp, "Issuer.Email: %s",(ret < 1)?"":buf);

fclose(fp);
}

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Phillip J Whillier.
Senior software engineer
Ruling Software
pvi...@iinet.net.au;ph...@ruling.com.au
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org