On 2009.10.19 at 17:40:11 -0400, Victor Duchovni wrote:
> On Mon, Oct 19, 2009 at 01:34:38PM -0500, William wrote:
>
> > I am looking for the way to read a certificate from disk in C code and
> > get the hostname (CN) inside that certificate in the C code using the
> > openssl library.
>
> Sadly, a rather complex task in general:
>
>     - The subject DN could contain multiple CN values, what does such
>       a certificate mean?
>     - The certificate may have a subjectAlternativeName extension, that
>       lists a set of "hostname" values valid for the certificate.

There is a function X509_get1_email in the OpenSSL crypto library, which
does almost the same thing for e-mail addresses as Victor requested for
the hostnames. Maybe looking into the source code of this function would
be helpful.

But it should be noted that there is more than one field type in the
GENERAL_NAME which can hold hostnames. For some applications it would be
the URI field type, for others maybe dnsName.

>     - The certificate CN may be encoded via a multi-byte encoding.

This is no problem. It is what the ASN1_STRING_to_UTF8 function is for.

BTW, may someone point me to some document which specifies how IDNs
should be represented in the certificate - should they be specified in
their human-readable form or in the representation used for DNS lookups?

>     - The CN or subjectAltName may contain embedded NUL bytes.

You can compare the return value of ASN1_STRING_to_UTF8 (which is the
number of characters in the converted string) with the result of strlen
on the resulting string, and if they don't match, ring a bell.
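
The checks discussed in this message, as an added example (not from the original thread and not OpenSSL project code): it lists every CN and every dNSName subjectAltName entry of a PEM certificate and rejects any value with an embedded NUL, using the length returned by ASN1_STRING_to_UTF8. The names vet_name, show, USE_OPENSSL and names.c are chosen here; the OpenSSL part is compiled only with -DUSE_OPENSSL and linked with -lcrypto.

```c
#include <stdio.h>
#include <string.h>

/* Vet one (buffer, length) pair as returned by ASN1_STRING_to_UTF8().
 * Returns 0 and copies the name into out, or a negative reason code. */
int vet_name(const unsigned char *utf8, int len, char *out, size_t outsz)
{
    if (utf8 == NULL || len < 0) return -1;                 /* conversion failed */
    if (memchr(utf8, '\0', (size_t)len) != NULL) return -2; /* embedded NUL */
    if ((size_t)len >= outsz) return -3;                    /* would truncate */
    memcpy(out, utf8, (size_t)len);
    out[len] = '\0';
    return 0;
}

#ifdef USE_OPENSSL /* build: cc -DUSE_OPENSSL names.c -lcrypto */
#include <openssl/pem.h>
#include <openssl/x509v3.h>
static void show(const char *kind, ASN1_STRING *s)
{
    unsigned char *utf8 = NULL;
    char name[256];
    int len = ASN1_STRING_to_UTF8(&utf8, s);
    int rc = vet_name(utf8, len, name, sizeof name);
    if (rc == 0) printf("%s: %s\n", kind, name);
    else printf("%s: rejected (%d)\n", kind, rc);
    OPENSSL_free(utf8);
}

int main(int argc, char **argv)
{
    FILE *fp = argc > 1 ? fopen(argv[1], "r") : NULL;
    X509 *x = fp ? PEM_read_X509(fp, NULL, NULL, NULL) : NULL;
    if (fp) fclose(fp);
    if (x == NULL) { fprintf(stderr, "usage: names cert.pem\n"); return 1; }
    X509_NAME *subj = X509_get_subject_name(x); /* every CN, not only the first */
    for (int i = -1; (i = X509_NAME_get_index_by_NID(subj, NID_commonName, i)) >= 0; )
        show("CN", X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subj, i)));
    /* dNSName entries of subjectAltName; URI entries are skipped here */
    GENERAL_NAMES *gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
    for (int i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
        GENERAL_NAME *g = sk_GENERAL_NAME_value(gens, i);
        if (g->type == GEN_DNS) show("dNSName", g->d.dNSName);
    }
    GENERAL_NAMES_free(gens);
    X509_free(x);
    return 0;
}
#endif
```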