Cert Utils Functions

A generic set of utility functions for manipulating OpenSSL objects, such as X509 certificates. More...

Convert ASN1_UTCTIME to time_t

globus_result_t globus_gsi_cert_utils_make_time (ASN1_UTCTIME *ctm, time_t *newtime)

Get the X509 certificate type (EEC, CA, proxy type, etc.)

globus_result_t globus_gsi_cert_utils_get_cert_type (X509 *cert, globus_gsi_cert_utils_cert_type_t *type)

Get the certificate name

globus_result_t globus_gsi_cert_utils_get_x509_name (char *subject_string, int length, X509_NAME *x509_name)

Get the base certificate name

globus_result_t globus_gsi_cert_utils_get_base_name (X509_NAME *subject, STACK_OF(X509)*cert_chain)

Detailed Description

A generic set of utility functions for manipulating OpenSSL objects, such as X509 certificates.

Function Documentation

globus_result_t globus_gsi_cert_utils_make_time (

ASN1_UTCTIME * ctm,

time_t * newtime)

Convert a ASN1_UTCTIME structure to a time_t.

Parameters:

ctm The ASN1_UTCTIME to convert

newtime The converted time

Returns:
GLOBUS_SUCCESS or an error captured in a globus_result_t

globus_result_t globus_gsi_cert_utils_get_cert_type (

X509 * cert,

globus_gsi_cert_utils_cert_type_t * type)

Determine the type of the given X509 certificate For the list of possible values returned, see globus_gsi_cert_utils_cert_type_t.

Parameters:

cert The X509 certificate

type The returned X509 certificate type

Returns:
GLOBUS_SUCCESS or an error captured in a globus_result_t

globus_result_t globus_gsi_cert_utils_get_x509_name (

     char * subject_string,

     int length,

     X509_NAME * x509_name)

Get the X509_NAME from a subject string.
OpenSSL doesn't provide this function, probably because it shouldn't be used. If you are getting an X509_NAME from just a string, its impossible to verify its integrity.

Parameters:

subject_string The subject in the format: "/O=Grid/OU=..."

length The length of the subject string

x509_name The resulting X509_NAME object

Returns:
GLOBUS_SUCCESS unless an error occurred, in which case, a globus error object ID is returned

globus_result_t globus_gsi_cert_utils_get_base_name (

X509_NAME * subject,

STACK_OF(X509)* cert_chain)

Get the base name of a proxy certificate.
Given an X509 name, strip off the proxy related /CN components to get the base name of the certificate's subject

Parameters:

subject Pointer to an X509_NAME object which gets stripped

cert_chain The certificate chain used to detect the number of CNs to strip. This is done by figuring out the number of proxies in the chain.

Returns:
GLOBUS_SUCCESS

about globus | grid research | globus toolkit | software development

Comments? webmaster@globus.org