RE: get info from my own certificate

Hello Ted,
Thank you for your quick answer, but
unfortunately, the openssl command can get the certificate only from a =
file but it is not useful in case of a smart card.

I have made a library from the OpenVPN project, from which I am able to =
realise a point-to-point connect. This library is able to connect by the =
help of smart cards too, by cryptoapi and pkcs11 API function calls.

When the connect is established, we can get the peer's certificate by =
the SSL_get_peer_certificate() function. I would like to write a similar =
function which could be able to get my own certificate from the SSL =
object, because the certificate is not available in a file in case of =
using smart card connecting.

If it is possible, in case of certificate file, I would like to avoid =
its reopening and rereading, and in case of a smart card to avoid the =
relevant cryptoapi and pkcs11 function calls. Instead of them, uniformly =
I would like to get my own certificate directly from the SSL object, =
similarly than SSL_get_peer_certificate() function does it or with help =
of the verify_callback() function call.

Could you suggest anything?
Thank you very much for your efforts,
Gabor


-----Original Message-----
From: [email]owner-openssl-dev@openssl.org[/email] =
[mailto:owner-openssl-dev@openssl.org] On Behalf Of Bernhard Fr=F6hlich
Sent: Tuesday, January 15, 2008 12:21 PM
To: [email]openssl-dev@openssl.org[/email]
Subject: Re: get info from my own certificate

Kiss G=E1bor schrieb:[color=blue]
> Dear Everybody,
>
> =20
>
> May I get some help about the following problem:
>
> =20
>
> Is there a function to get information about my own certificate?
>
> I would like to get the common name from my own certificate being in =[/color]
the SSL object.=20[color=blue]
>
> Is there a function for this probleme or can anybody suggest a =[/color]
solution?[color=blue]
>
> Thank you for your kindness.
>
> Gabor KISS
> =20[/color]

If you want to do it manually try openssl x509 -in <yourcert> -noout=20
-subject
If you want to use the library have a look at the source code in=20
apps\x509.c. The relevant fuction to call is X509_get_subject_name.

Hope it helps.
Ted
;)

______________________________________________________________________
OpenSSL Project [url]http://www.openssl.org[/url]
Development Mailing List [email]openssl-dev@openssl.org[/email]
Automated List Manager [email]majordomo@openssl.org[/email]