Re: How to get a list of SubjectAltNames of a cert in NSS

2017-03-03 Thread Paul Wouters
On Fri, 3 Mar 2017, Robert Relyea wrote: Yes, NSS only looks at the first subjectAltName section. That section can and should hold all the alt names (That's certainly the case with SSL certificates). Ok, so maybe we have generated certificates in a bad way :) See the attached python script

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-03-03 Thread Robert Relyea
On 03/03/2017 02:48 PM, Robert Relyea wrote: On 03/03/2017 09:42 AM, Paul Wouters wrote: On Fri, 3 Mar 2017, Robert Relyea wrote: [offlist] redirected back to the list, since the item I was concerned about is not a concern. Thanks for the info. I looked at it and have two questions and

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-03-03 Thread Robert Relyea
On 03/03/2017 09:42 AM, Paul Wouters wrote: On Fri, 3 Mar 2017, Robert Relyea wrote: [offlist] redirected back to the list, since the item I was concerned about is not a concern. Thanks for the info. I looked at it and have two questions and one concern (which is why this is offlist)

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-03-03 Thread Paul Wouters
On Fri, 3 Mar 2017, Robert Relyea wrote: [offlist] redirected back to the list, since the item I was concerned about is not a concern. Thanks for the info. I looked at it and have two questions and one concern (which is why this is offlist) I'm not sure what list this was from. I don't

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
Argh ... looks like the mailing list scrubbed 2 of my attachments. Here is the python code (not as an attachment), hope the mailer does not mangle it. import sys import nss.nss as nss from nss.error import NSPRError # Perform basic configuration and setup nss.nss_init_nodb() # Get the cert

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
On 02/23/2017 11:14 AM, John Dennis wrote: On 02/23/2017 11:04 AM, Paul Wouters wrote: Hi, I'm looking at the best way to get a list of SubjectAltNames of a CERTCertificate. Anyone have a pointer (haha) for me ? CERT_DecodeAltNameExtension See secu_PrintAltNameExtension() in

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
On 02/23/2017 11:04 AM, Paul Wouters wrote: Hi, I'm looking at the best way to get a list of SubjectAltNames of a CERTCertificate. Anyone have a pointer (haha) for me ? CERT_DecodeAltNameExtension See secu_PrintAltNameExtension() in cmd/lib/secutil.c or cert_VerifySubjectAltName() in

How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread Paul Wouters
Hi, I'm looking at the best way to get a list of SubjectAltNames of a CERTCertificate. Anyone have a pointer (haha) for me ? Paul -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto