On Sat, Apr 16, 2022 at 03:02:16PM -0700, Hal Murray wrote:
> openssl-us...@dukhovni.org said:
> > Can you explain *why* you want the list of DNS names?
> > Is this just for logging..
>
> Yes, just for logging.
My quick answer :
int iPos = X509_get_ext_by_NID( pCX509, NID_subject_alt_name, -1 );
if( iPos < 0 ) ...;
X509_EXTENSION* pE = X509_get_ext(pCX509, iPos );
pGNames = (GENERAL_NAMES*)X509V3_EXT_d2i( pE ); // (stack of
GENERAL_NAME)
for( ;; )
pGName =
openssl-us...@dukhovni.org said:
> Can you explain *why* you want the list of DNS names?
> Is this just for logging..
Yes, just for logging.
--
These are my opinions. I hate spam.
On Sat, Apr 16, 2022 at 01:18:57PM -0700, Hal Murray wrote:
> I can get the subject and issuer with
> X509_get_subject_name and X509_get_issuer_name
>
> I'm looking for something similar to get the SAN/DNS strings used to verify
> that this certificate is valid for the hostname provided via
Hi Hal,
Might be simpler to use the 'X509_VERIFY_PARAM...' interface.
Did you see :
https://www.openssl.org/docs/man1.1.1/man3/X509_VERIFY_PARAM_set1_host.html
Hope it helps,
Regards,
Michel.
-Message d'origine-
DeĀ : openssl-users [mailto:openssl-users-boun...@openssl.org] De la
I can get the subject and issuer with
X509_get_subject_name and X509_get_issuer_name
I'm looking for something similar to get the SAN/DNS strings used to verify
that this certificate is valid for the hostname provided via SSL_set1_host
Any API will be slightly complicated since there may be