On Tue, Jan 19, 2016, Nounou Dadoun wrote: > That actually worked reasonably smoothly, the only thing that I have to fix now is that it's obviously taking the time zone into account - is there a way of telling it to do everything in UTC? > The routines don't take any account of local timezone: if the ASN1_TIME structure contains a timezone (which is rare becasue it is forbidden in DER but a few certificates do it anyway) that will be adjusted. > And I still don't see any programmatic way of accessing whether a key usage is "critical" or not. > There are several ways to retrieve that. The function X509_get_ext_d2i() decodes an extension and retrieves the criticality flags in one call. You can use X509_EXTENSION_get_critical too if you've retrieved the X509_EXTENSION structure. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
