On Mon, Oct 19, 2009 at 01:34:38PM -0500, William wrote:

> I am looking for the way to read a certificate from disk in C code and
> get the hostname (CN) inside that certificate in the C code using the
> openssl library.

Sadly, a rather complex task in general:

    - The subject DN could contain multiple CN values; what does such
      a certificate mean?

    - The certificate may have a subjectAlternativeName extension that
      lists a set of "hostname" values valid for the certificate.

    - The certificate CN may be encoded via a multi-byte encoding.

    - The CN or subjectAltName may contain embedded NUL bytes.

If you only look at certificates generated in a closed environment, you
can eliminate some of these complications. For dealing with certs of
potentially hostile entities, you need a reasonably defensive approach.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
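
One defensive way to handle the four complications listed in the message above, as an added example that is not part of the original message and is not OpenSSL code. The names `cert_name`, `name_to_hostname`, `cert_hostnames` and `HOST_MAX` are hypothetical, and the raw bytes and lengths are assumed to have been extracted from the certificate already (for example with `ASN1_STRING_get0_data()` and `ASN1_STRING_length()`).

```c
#include <stddef.h>
#include <string.h>

#define HOST_MAX 254 /* 253 hostname bytes plus the terminating NUL */
/* Hypothetical container: raw bytes plus explicit length, never a C string. */
struct cert_name { const unsigned char *data; size_t len; };

/* Copy a name out only if every byte is a plain ASCII hostname character
 * ('*' allowed for wildcards). Embedded NULs, control bytes and multi-byte
 * encodings all fail, so strlen(out) always equals the certified length. */
static int name_to_hostname(const struct cert_name *n, char out[HOST_MAX])
{
    if (n->len == 0 || n->len >= HOST_MAX)
        return -1;
    for (size_t i = 0; i < n->len; i++) {
        unsigned char c = n->data[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '*'))
            return -1;
    }
    memcpy(out, n->data, n->len);
    out[n->len] = '\0';
    return 0;
}

/* Assumed policy: SAN DNS names, when present, replace the CN entirely;
 * without them the CN is used only if there is exactly one. Any malformed
 * name rejects the whole certificate. Returns names written, or -1. */
int cert_hostnames(const struct cert_name *san, size_t nsan,
                   const struct cert_name *cn, size_t ncn,
                   char out[][HOST_MAX], size_t max)
{
    const struct cert_name *src = nsan ? san : cn;
    size_t count = nsan ? nsan : ncn;
    if (count == 0 || count > max || (nsan == 0 && ncn != 1))
        return -1;
    for (size_t i = 0; i < count; i++)
        if (name_to_hostname(&src[i], out[i]) != 0)
            return -1;
    return (int)count;
}

/* Constructed sample names, not taken from any real certificate. */
static const unsigned char ok_bytes[] = "www.example.com";
static const unsigned char nul_bytes[] = "a.example\0b.example";
static const struct cert_name ok_cn = { ok_bytes, sizeof ok_bytes - 1 };
static const struct cert_name nul_cn = { nul_bytes, sizeof nul_bytes - 1 };
```

With these samples, `cert_hostnames(NULL, 0, &ok_cn, 1, out, 1)` returns 1 and the same call with `nul_cn` returns -1.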
