On Thu, Jun 12, 2014 at 08:37:12PM +0100, Jeremy Harris wrote:
> Viktor commented in the mailinglist that we shouldn't parse the output of
> X509_print_ex() and should return an OID rather than something human-readable.
Mostly because the "human-readable" descriptions are a rather
unstable interface. I believe that for some exotic signature
schemes they return a multi-line description of the algorithm and
parameters! The C code to get the signature description inside
OpenSSL itself is as you point out rather complex, and dives
deep into library internals. I think you should ask for
guidance on openssl-users, I don't know the answer to this,
beyond the observation that it is easy if you 'settle' for
an OID.
> Does anyone else wish to comment?
Sorry, I am not someone else, I hope all the real someone elses
are not detered by my hogging the thread...
--
Viktor.
