On Tue, Apr 29, 2008, Carolin Latze wrote:

> Hello everybody,
> I know, that might be an easy question, but I really didn't find an
> answer till now...
> I have a certificate in TLS (X.509) with an ASN1. Bit String extension.
> How to I read it out? Till now I did the following:
> X509_EXTENSION *ext;
> ext=X509_get_ext(cert,i);
> os=X509_EXTENSION_get_data(ext);
> extstr=ASN1_STRING_data(os);
> But extstr is not exactly what it should be. It should be a bit string
> of 20 bytes. extstr contains 20 bytes, but the first 4 bytes are always
> "1614" and the last four bytes are missing.... Any ideas? (I am sure, I
> am simply using the wrong functions, but everything I tried gave the
> same result)

You also need to retrieve the length of os using ASN1_STRING_length(os).

What you then have is the encoding of the BIT STRING and not the content. If
you want the content you have to call d2i_ASN1_BITSTRING() on the encoding,
see docs and FAQ for examples of using the d2i_*() functions.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org