NAME
ne_ssl_cert_identity, ne_ssl_cert_signedby, ne_ssl_cert_issuer, ne_ssl_cert_subject - functions to access certificate properties
SYNOPSIS
#include <ne_ssl.h>
const char *ne_ssl_cert_identity(const ne_ssl_certificate *cert);
const ne_ssl_certificate *ne_ssl_cert_signedby(const ne_ssl_certificate *cert);
const ne_ssl_dname *ne_ssl_cert_subject(const ne_ssl_certificate *cert);
const ne_ssl_dname *ne_ssl_cert_issuer(const ne_ssl_certificate *cert);
DESCRIPTION
The function
ne_ssl_cert_identity
retrieves the
identity
of a certificate; for an SSL server certificate, this will be the hostname for which the certificate was issued. In PKI parlance, the identity is the
common name
attribute of the distinguished name of the certificate subject.
The functions
ne_ssl_cert_subject
and
ne_ssl_cert_issuer
can be used to access the objects representing the distinguished name of the subject and of the issuer of a certificate, respectively.
If a certificate object is part of a certificate chain, then
ne_ssl_cert_signedby
can be used to find the certificate which signed a particular certificate. For a self-signed certificate or a certificate for which the full chain is not available, this function will return
NULL.
RETURN VALUE
ne_ssl_cert_issuer
and
ne_ssl_cert_subject
are guaranteed to never return
NULL.
ne_ssl_cert_identity
may return
NULL
if the certificate has no specific
identity.
ne_ssl_cert_signedby
may return
NULL
as covered above.
EXAMPLES
The following function could be used to display information about a given certificate:
void dump_cert(const ne_ssl_certificate *cert) {
const char *id = ne_ssl_cert_identity(cert);
char *dn;
if (id)
printf("Certificate was issued for '%s'.\n", id);
dn = ne_ssl_readable_dname(ne_ssl_cert_subject(cert));
printf("Subject: %s\n", dn);
free(dn);
dn = ne_ssl_readable_dname(ne_ssl_cert_issuer(cert));
printf("Issuer: %s\n", dn);
free(dn);
}
SEE ALSO
ne_ssl_cert_cmp,
ne_ssl_readable_dname
ČLÁNKY DO MAILU