openssl获取证书扩展 [英] openssl get certificate extensions

问题描述

我正在使用openssl解析X509证书. 我设法获得了扩展名，但是我不知道如何提取扩展名的值.

I'm using openssl to parse X509 certificate. I manage to get extensions, but I don't know how to extract the extension value.

我正在使用的代码是:

  X509_EXTENSION *extension =  sk_X509_EXTENSION_pop(exts);
  int critical =  X509_EXTENSION_get_critical(extension);

  ASN1_OBJECT *obj = extension-> object;
  ln = OBJ_nid2ln(OBJ_obj2nid(obj));
  if( !ln ) ln = "";
  OBJ_obj2txt(objbuf,sizeof(objbuf),obj,1);
  int nid = OBJ_txt2nid(ln);  

此代码告诉我扩展名是否关键，并告诉我扩展名.

This code tells me whether the extension is critical or not and gives me nid of the extension.

我想可以通过以下方式获得价值

I suppose value can be obtained by:

ASN1_OCTET_STRING * data = X509_EXTENSION_get_data(extension);

ASN1_OCTET_STRING *data= X509_EXTENSION_get_data(extension);

但是我不确定如何处理检索到的data对象.该数据对象应该被解码. 关于如何获取扩展数据有任何想法吗?

but I am not sure how to handle the retrieved data object. The data object is supposed to be der-encoded. Any idea on how to get the extension data?

正如建议的此处一样，我正在尝试做:

As suggested here, I was trying to do:

ASN1_OCTET_STRING* octet_str = X509_EXTENSION_get_data(extension);
const unsigned char* octet_str_data = octet_str->data;
long xlen;
int tag, xclass;
int ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, octet_str->length);
printf(@"value: %s\n", octet_str_data);

，但是解码后得到的字符串与之前的字符串相同-类似: 4Á˃◊∫Ns∑äP∂W≠％£A

but the string I get after decoding is the same as prior to it - something like: 4Á˃◊∫Ns∑äP∂W≠%£A

推荐答案

如果要使用文本表示形式，可以使用内存BIO.对于这个线程，但是对每个扩展来说，实现方法都是相同的.

If you want to have a textual representation, you can use a memory BIO. I've answered how to this for a Key Usage extension in this thread, but the way to do it is the same for every extension.

致谢.

这篇关于openssl获取证书扩展的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！