On Mon, Oct 19, 2009 at 01:34:38PM -0500, William wrote: > I am looking for the way to read a certificate from disk in C code and > get the hostname (CN) inside that certificate in the C code using the > openssl library.
Sadly, a rather complex task in general: - The subject DN could contain multiple CN values, what does such a certificate mean? - The certificate may have a subjectAlternativeName extension, that lists a set of "hostname" values valid for the certificate. - The certificate CN may be encoded via a multi-byte encoding. - The CN or subjectAltName may contain embedded NUL bytes. If you only look at certificates generated in a closed environment, you can eliminate some of these complications. For dealing with certs of potentially hostile entities, you need a reasonably defensive approach. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org