Support reading x509v3 extensions from a certificate #12
Comments
daurnimator
changed the title
|
Can you use the features recently added by kunkku, such as crt:getExtension, extension:getID, extension:getName, and extension:getData? |
Partially. e.g. s=require"cqueues.socket".connect("globalsign.com", 443);
s:starttls();
ssl = s:checktls();
cert = ssl:getPeerCertificate();
aia = cert:getExtension("authorityInfoAccess");
io.write(aia:getData())Will print the contents of the extension field. However, it is an ASN.1 encoded string. Otherwise, an iterator over the available extensions would be useful; it took me a bit to figure out that the extension 'name' that OCSP is under was |
|
Here's my testing code: for i=1,crt:getExtensionCount() do
local ext = crt:getExtension(i)
print(string.format("%s: %s", ext:getLongName() or ext:getID(), ext:getCritical() and "critical" or ""))
print(ext:text(0, 8))
endI'll add the __tostring metamethod once I figure out what the appropriate flags to X509V3_EXT_print should be. |
Ah ha! I didn't know you could get by index :) |
|
I added that about an hour ago, along with the updated documentation. |
Commit 6fbdef8 appears to also include some 'unsigned' changes, was that mean to be in there? |
The flags define what to do when openssl doesn't have knowledge of how to stringify a field, or a field doesn't match specifications: The defined flags are:
Anything else returns success but does nothing. |
|
Closing as I feel like this is effectively done now. |
I was playing with using OCSP validation, but found that I had no way to read the OCSP url outside of
cert:text()Please add support for reading x509v3 extensions.
The text was updated successfully, but these errors were encountered: