Re: How to extract subjectAltName

Wed, 18 Jun 2008 01:09:42 -0700 

Thanks for that tip.

It works now this way:

UaPkiCertificateInfo UaPkiCertificate::info() const
{
    UaPkiCertificateInfo ret;
    X509_EXTENSION *pExt;
    char *pBuffer = 0;
    int length = 0;
    GENERAL_NAMES *subjectAltNames;

    subjectAltNames = ( GENERAL_NAMES* ) X509_get_ext_d2i ( m_pCert, 
NID_subject_alt_name, NULL, NULL );
    if ( subjectAltNames )
    {
        int numalts;
        int i;

        /* get amount of alternatives, RFC2459 claims there MUST be at least 
one, but we don't depend on it... */
        numalts = sk_GENERAL_NAME_num ( subjectAltNames );

        /* loop through all alternatives */
        for ( i=0; ( i<numalts ); i++ )
        {
            /* get a handle to alternative name number i */
            const GENERAL_NAME *pName = sk_GENERAL_NAME_value ( 
subjectAltNames, i );

            switch ( pName->type )
            {
                case GEN_OTHERNAME:
                    break;
                case GEN_EMAIL:
                    ASN1_STRING_to_UTF8((unsigned char**)&pBuffer, 
pName->d.ia5);
                    ret.eMail = pBuffer;
                    OPENSSL_free(pBuffer);
                    break;
                case GEN_DNS:
                    ASN1_STRING_to_UTF8((unsigned char**)&pBuffer, 
pName->d.ia5);
                    ret.DNS = pBuffer;
                    OPENSSL_free(pBuffer);
                    break;
                case GEN_X400:
                    break;
                case GEN_DIRNAME:
                    break;
                case GEN_EDIPARTY:
                    break;
                case GEN_URI:
                    ASN1_STRING_to_UTF8((unsigned char**)&pBuffer, 
pName->d.ia5);
                    ret.URI = pBuffer;
                    OPENSSL_free(pBuffer);
                    break;
                case GEN_IPADD:
                    ASN1_STRING_to_UTF8((unsigned char**)&pBuffer, 
pName->d.ia5);
                    ret.IP = pBuffer;
                    OPENSSL_free(pBuffer);
                    break;
                case GEN_RID:
                    break;
            }

        }
    }
    
    return ret;
}

On Tuesday 17 June 2008 23:56:26 Goetz Babin-Ebell wrote:
> GeneralNames *names;
> STACK_OF(CONF_VALUE) *vals = sk_CONV_VALUE_new_null();
>
> names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
> if (names) {
>         /* you now can use OpenSSL to transform the names into
>            some printable format... */
>         i2v_GENERAL_NAMES(NULL, names, vals);
>         sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
> }
>
> for(int i = 0; i < sk_CONF_VALUE_num(vals); i++) {
>         CONF_VALUE *conf = sk_CONF_VALUE_value(vals, i);
>         ret.subjectAltName.appendNameValue(conf->name, conf->value);
> }
> sk_CONF_VALUE_pop_free(vals, CONF_VALUE_free);



-- 
mit freundlichen Grüßen / best regards
 
Gerhard Gappmeier
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to