Expert use: gets data from a certificate pointer.
comm
get-certificate-data certificate-pointer => certificate-data
get-certificate-common-name certificate-pointer => common-name
get-certificate-serial-number certificate-pointer => serial-number
| certificate-pointer⇩ |
A FLI pointer of type sec-certificate-ref or x509-pointer. |
| certificate-data⇩ |
A list of lists. |
| common-name |
A string. |
| serial-number |
An integer. |
The function get-certificate-data returns certificate data for certificate-pointer (described below). The function get-certificate-common-name returns the Common Name of the Subject of certificate-pointer. The function get-certificate-serial-number returns the serial number of certificate-pointer.
certificate-pointer must be a FLI pointer of type sec-certificate-ref or x509-pointer, pointing to a certificate object of the underlying SSL implementation. You can obtain such a pointer by calling ssl-connection-copy-peer-certificates, or using your own FLI interface to the underlying SSL implementation.
certificate-data is a list of lists, where each element is a list of the form:
(keyword value)
keyword specifies the field in the certificate, and value its value. The keywords that appear in the data vary between SSL implementations. The keywords are that are common to all implementations are:
:subject-common-name | |
|
A string: the common name of the subject of the certificate. | |
:serial-number |
An integer: the serial number of the certificate. |
:emails |
A list of strings: email addresses (not present if there are no email addresses). |
For the Apple implementation, that is when certificate-pointer is of type sec-certificate-ref, certificate-data also contains the following:
:summary, :long-description, :short-description | |
|
The values for these are strings, corresponding to the results of the C functions SecCertificateCopySubjectSummary, SecCertificateCopyLongDescription and SecCertificateCopyShortDescription. Note: :long-description and :short-description are not included on iOS. | |
:normalized-subject, :normalized-issuer | |
|
The values of these are vectors of element type (unsigned-byte 8), corresponding to the results of the C functions SecCertificateCopyNormalizedSubjectContent and SecCertificateCopyNormalizedIssuerContent. | |
For the OpenSSL implementation, certificate-data also contains the following (if they are defined in certificate-pointer):
:subject, :issuer |
The values of these are lists of lists of two strings. The first string is the name of a field in the subject or issuer, and the second string is the value of the field. The field names are normally: "commonName", "organizationalUnitName", "organizationName" and "countryName". The value associated with "commonName" in :subject is the same string as the value of :subject-common-name. |
:version |
The value is an integer specifying the version of the certificate. |
:not-before, :not-after | |
|
The values are objects of type generalized-time specifying the start and end dates of the validity period of the certificate. | |
:public-key-algorithm, :signature-algorithm | |
|
The values of these are strings specifying the algorithm of the public key and signature. | |
:public-key, :signature | |
|
The values of these are arrays of element type (unsigned-byte 8) containing the public key and signature. | |
:usage, :extended-usage | |
|
The values of these are lists of keywords specifying the usage. For :usage, each keyword is one of: :digital-signature, :non-repudiation, :key-encipherment, :data-encipherment, :key-agreement, :key-cert-sign, :crl-sign, :encipher-only or :deciper-only. For :extended-usage, each keyword is one of: :ssl-client, :ssl-server, :smime, :objsign, :ssl-ca, :smime-ca or :objsign-ca. | |
:extensions |
The value is a list of lists of two strings, where the first string is the name of the extension, and the second is the value. |
ssl-connection-get-peer-certificates-data returns the same certificate data as get-certificate-data.
There is an example of using ssl-connection-get-peer-certificates-data, which is useful to see how certificate-data looks, in:
(example-edit-file "ssl/ssl-certificates")
LispWorks® User Guide and Reference Manual - 01 Dec 2021 19:30:26