All Manuals > LispWorks® User Guide and Reference Manual > 32 The COMM Package

get-certificate-data

get-certificate-common-name

get-certificate-serial-number Functions

Summary

Expert use: gets data from a certificate pointer.

Package

comm

Signatures

get-certificate-data certificate-pointer => certificate-data

get-certificate-common-name certificate-pointer => common-name

get-certificate-serial-number certificate-pointer => serial-number

Arguments
certificate-pointer
A FLI pointer of type sec-certificate-ref or x509-pointer.
Values
certificate-data
A list of lists.
common-name
A string.
serial-number
An integer.
Description

The function get-certificate-data returns certificate data for certificate-pointer (described below). The function get-certificate-common-name returns the Common Name of the Subject of certificate-pointer. The function get-certificate-serial-number returns the serial number of certificate-pointer.

certificate-pointer must be a FLI pointer of type sec-certificate-ref or x509-pointer, pointing to a certificate object of the underlying SSL implementation. You can obtain such a pointer by calling ssl-connection-copy-peer-certificates, or using your own FLI interface to the underlying SSL implementation.

certificate-data is a list of lists, where each element is a list of the form:

(keyword value)

keyword specifies the field in the certificate, and value its value. The keywords that appear in the data vary between SSL implementations. The keywords that are common to all implementations are:

:subject-common-name
A string: the common name of the subject of the certificate.
:serial-number
An integer: the serial number of the certificate.
:emails
A list of strings: email addresses (not present if there are no email addresses).

For the Apple implementation, that is when certificate-pointer is of type sec-certificate-ref, certificate-data also contains the following:

:summary, :long-description, :short-description
The values for these are strings, corresponding to the results of the C functions SecCertificateCopySubjectSummary, SecCertificateCopyLongDescription and SecCertificateCopyShortDescription. Note: :long-description and :short-description are not included on iOS.
:normalized-subject, :normalized-issuer
The values of these are vectors of element type (unsigned-byte 8), corresponding to the results of the C functions SecCertificateCopyNormalizedSubjectContent and SecCertificateCopyNormalizedIssuerContent.

For the OpenSSL implementation, certificate-data also contains the following (if they are defined in certificate-pointer):

:subject, :issuer
The values of these are lists of lists of two strings. The first string is the name of a field in the subject or issuer, and the second string is the value of the field. The field names are normally: "commonName", "organizationalUnitName", "organizationName" and "countryName". The value associated with "commonName" in :subject is the same string as the value of :subject-common-name.
:version
The value is an integer specifying the version of the certificate.
:not-before, :not-after
The values are objects of type generalized-time specifying the start and end dates of the validity period of the certificate.
:public-key-algorithm, :signature-algorithm
The values of these are strings specifying the algorithm of the public key and signature.
:public-key, :signature
The values of these are arrays of element type (unsigned-byte 8) containing the public key and signature.
:usage, :extended-usage
The values of these are lists of keywords specifying the usage. For :usage, each keyword is one of: :digital-signature, :non-repudiation, :key-encipherment, :data-encipherment, :key-agreement, :key-cert-sign, :crl-sign, :encipher-only or :deciper-only. For :extended-usage, each keyword is one of: :ssl-client, :ssl-server, :smime, :objsign, :ssl-ca, :smime-ca or :objsign-ca.
:extensions
The value is a list of lists of two strings, where the first string is the name of the extension, and the second is the value.
Notes

ssl-connection-get-peer-certificates-data returns the same certificate data as get-certificate-data.

Examples

There is an example of using ssl-connection-get-peer-certificates-data, which is useful to see how certificate-data looks, in:

(example-edit-file "ssl/ssl-certificates")
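
A further example, added here and not part of the LispWorks manual or of the ssl/ssl-certificates example file: a check written over the certificate-data list described above, as a caller would apply it after obtaining the list with get-certificate-data. The function names and the sample list are constructed for illustration; only the (keyword value) shape and the keywords come from this page.

```lisp
;; Added example (not from the LispWorks manual): inspecting a
;; certificate-data list as returned by comm:get-certificate-data.
;; The sample list below is constructed by hand in the documented
;; (keyword value) shape; a real list comes from
;; (comm:get-certificate-data certificate-pointer).

(defun certificate-field (certificate-data keyword &optional default)
  "Return the value stored under KEYWORD in CERTIFICATE-DATA, or DEFAULT
if the field is absent (fields vary between SSL implementations)."
  (let ((entry (assoc keyword certificate-data)))
    (if entry (second entry) default)))

(defun subject-field (certificate-data field-name)
  "Look up FIELD-NAME (e.g. \"organizationName\") in the OpenSSL-only
:subject list; returns NIL under the Apple implementation."
  (second (assoc field-name (certificate-field certificate-data :subject)
                 :test #'string=)))

(defun check-peer-certificate-data (certificate-data expected-common-name)
  "Return (values acceptable-p problems) for a certificate-data list.
The data is acceptable only if the Subject Common Name matches
EXPECTED-COMMON-NAME and, when :extended-usage is present, it includes
:ssl-server. Implementation-specific fields are checked only when present."
  (let ((problems '())
        (common-name (certificate-field certificate-data :subject-common-name "")))
    (unless (string-equal common-name expected-common-name)
      (push (format nil "Common Name ~S does not match ~S"
                    common-name expected-common-name)
            problems))
    (let ((extended-usage (certificate-field certificate-data :extended-usage)))
      (when (and extended-usage (not (member :ssl-server extended-usage)))
        (push "Extended usage does not include :ssl-server" problems)))
    (values (null problems) (nreverse problems))))

;; Constructed sample in the OpenSSL shape (all values are made up).
(defparameter *sample-certificate-data*
  '((:subject-common-name "example.com")
    (:serial-number 123456789)
    (:emails ("admin@example.com"))
    (:subject (("commonName" "example.com")
               ("organizationName" "Example Org")
               ("countryName" "US")))
    (:extended-usage (:ssl-client :ssl-server))))
```

Evaluate (check-peer-certificate-data *sample-certificate-data* "example.com") and then the same call with a different name to see the two outcomes; (subject-field *sample-certificate-data* "organizationName") shows the OpenSSL-only :subject lookup.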

See also

ssl-connection-get-peer-certificates-data


LispWorks® User Guide and Reference Manual - 01 Dec 2021 19:30:26