The Globus GSI Certificate Handling Utilities library. This library contains helper functions for dealing with certificates.
◆ globus_gsi_cert_utils_get_base_name()
| globus_result_t globus_gsi_cert_utils_get_base_name |
( |
X509_NAME * |
subject, |
|
|
STACK_OF(X509) * |
cert_chain |
|
) |
| |
Get the base certificate name from a certificate chain.
Get the base name of a proxy certificate. Given an X509 name, strip off the proxy related /CN components to get the base name of the certificate's subject
- Parameters
-
| subject | Pointer to an X509_NAME object which gets stripped |
| cert_chain | The certificate chain used to detect the number of CNs to strip. This is done by figuring out the number of proxies in the chain. |
- Returns
- GLOBUS_SUCCESS
◆ globus_gsi_cert_utils_get_cert_type()
Get the X509 certificate type.
Determine the type of the given X509 certificate For the list of possible values returned, see globus_gsi_cert_utils_cert_type_t.
- Parameters
-
| cert | The X509 certificate |
| type | The returned X509 certificate type |
- Returns
- GLOBUS_SUCCESS or an error captured in a globus_result_t
◆ globus_gsi_cert_utils_get_eec()
| globus_result_t globus_gsi_cert_utils_get_eec |
( |
STACK_OF(X509) * |
cert_chain, |
|
|
X509 ** |
eec |
|
) |
| |
Get the end-entity certificate from a certificate chain.
Get the end-entity certificate associated with a certificate chain
- Parameters
-
| cert_chain | Certificate chain to inspect. |
| eec | Pointer to be set to the EEC value from within the cert chain. Must freed by the caller. |
◆ globus_gsi_cert_utils_get_identity_cert()
| globus_result_t globus_gsi_cert_utils_get_identity_cert |
( |
STACK_OF(X509) * |
cert_chain, |
|
|
X509 ** |
identity_cert |
|
) |
| |
Get the identity certificate from a certificate chain.
Get the identity-providing certificate associated with a certificate chain. This may be an independent proxy or a end-entity certificate.
- Parameters
-
| cert_chain | Certificate chain to inspect. |
| identity_cert | Pointer to be set to the certificate value from within the cert chain. Must freed by the caller. |
◆ globus_gsi_cert_utils_get_x509_name()
| globus_result_t globus_gsi_cert_utils_get_x509_name |
( |
const char * |
subject_string, |
|
|
int |
length, |
|
|
X509_NAME * |
x509_name |
|
) |
| |
Get the certificate name.
Get the X509_NAME from a subject string. OpenSSL doesn't provide this function, probably because it shouldn't be used. If you are getting an X509_NAME from just a string, its impossible to verify its integrity.
- Parameters
-
| subject_string | The subject in the format: "/O=Grid/OU=..." |
| length | The length of the subject string |
| x509_name | The resulting X509_NAME object |
- Returns
- GLOBUS_SUCCESS unless an error occurred, in which case, a globus error object ID is returned
◆ globus_gsi_cert_utils_make_time()
| globus_result_t globus_gsi_cert_utils_make_time |
( |
const ASN1_UTCTIME * |
ctm, |
|
|
time_t * |
newtime |
|
) |
| |
Convert ASN1_UTCTIME to time_t.
Convert a ASN1_UTCTIME structure to a time_t
- Parameters
-
| ctm | The ASN1_UTCTIME to convert |
| newtime | The converted time |
- Returns
- GLOBUS_SUCCESS or an error captured in a globus_result_t
