ne_ssl_cert_identity, ne_ssl_cert_signedby, ne_ssl_cert_issuer, ne_ssl_cert_subject — functions to access certificate properties
#include <ne_ssl.h>
const char *ne_ssl_cert_identity( | const ne_ssl_certificate *cert); |
const ne_ssl_certificate *ne_ssl_cert_signedby( | const ne_ssl_certificate *cert); |
const ne_ssl_dname *ne_ssl_cert_subject( | const ne_ssl_certificate *cert); |
const ne_ssl_dname *ne_ssl_cert_issuer( | const ne_ssl_certificate *cert); |
The function ne_ssl_cert_identity
retrieves the “identity” of a certificate; for an
SSL server certificate, this will be the hostname for which the
certificate was issued. In PKI parlance, the identity is the
common name attribute of the distinguished name of
the certificate subject.
The functions ne_ssl_cert_subject and
ne_ssl_cert_issuer can be used to access the
objects representing the distinguished name of the subject and of
the issuer of a certificate, respectively.
If a certificate object is part of a certificate chain, then
ne_ssl_cert_signedby can be used to find the
certificate which signed a particular certificate. For a
self-signed certificate or a certificate for which the full chain
is not available, this function will return NULL.
ne_ssl_cert_issuer and
ne_ssl_cert_subject are guaranteed to never
return NULL. ne_ssl_cert_identity may
return NULL if the certificate has no specific
“identity”. ne_ssl_cert_signedby
may return NULL as covered above.
The following function could be used to display information about a given certificate:
void dump_cert(const ne_ssl_certificate *cert) {
const char *id = ne_ssl_cert_identity(cert);
char *dn;
if (id)
printf("Certificate was issued for '%s'.\n", id);
dn = ne_ssl_readable_dname(ne_ssl_cert_subject(cert));
printf("Subject: %s\n", dn);
free(dn);
dn = ne_ssl_readable_dname(ne_ssl_cert_issuer(cert));
printf("Issuer: %s\n", dn);
free(dn);
}