Community articleCertificate_GetIssuer function
Added by IBM contributorIBM on August 16, 2011
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

No abstract provided.


This function extracts the issuer certificate from the certificate provided.


   r_error Certificate_GetIssuer(
      Certificate *theCertificate, 
      SecurityUserStatusType *theStatus, 
      Certificate **issuerCert);


Table 1. Function parameters
theCertificate Certificate*A pointer to the certificate object from which you want to extract the issuer certificate.
theStatusSecurityUserStatusType*A pointer that is set with the status of the operation. This will be one of the following:
SUSTATUS_OK — The operation was successful.
SUSTATUS_CANCELLED— the operation was cancelled by the user.
SUSTATUS_INPUT_REQUIRED — the operation required user input, but could not receive it (for example, it was run on a server with no user).
issuerCert Certificate**A pointer that is set with the issuers certificate.


OK on success or an error code on failure.


The following example gets the signing certificate from a signature object, then iterates through the certificate issuers until it reaches the end of the chain. During the iteration, each certificate is passed to a function that processes them.
   r_error processCertChain(Signature *theSig)
   Certificate *theCert, *issuerCert;
   SecurityUserStatusType theStatus;
   /* Get the signing certificate from the signature. */
      if (Signature_GetSigningCert(theSig, &theCert) != OK)
         fprintf(stderr, "Could not get signing certificate.\n"); 
      /* Loop through the certificate chain, passing each certificate to the 
         ProcessCert function. The loop ends when the issuer certificate is 
         NULL. */
while (theCert != NULL)
         /* Pass the certificate to the processCert function.  Note that 
            this is not an API function, but rather a function you would 
            write to process the certificate in some way. */
         if (ProcessCert(theCert) != OK)
            fprintf(stderr, "Could not process certificate.\n"); 
         /* Get the issuer certificate from theCert. */
         if (Certificate_GetIssuer(theCert, &theStatus, &issuerCert) != OK)
            fprintf(stderr, "Could not get issuer certificate.\n");
         /* Check to ensure the function exited with the correct status. */
         if (theStatus != SUSTATUS_OK)
            fprintf(stderr, "GetIssuer exited with wrong status.\n");
         /* Free theCert object. */
         /* Assign theCert to equal the issuerCert for next iteration of the 
            loop. */
         theCert = issuerCert;

Parent topic:
Certificate functions