On 9/12/2012 9:36 AM, Dr. Stephen Henson wrote:
You check each value of the returned GENERAL_NAMES structure until you find the one you are interested in. It looks like in your case it is the type GEN_DIRNAME which means the X509_NAME field directoryName of the union is relevant. You can then analyse that X509_NAME field e.g. like a certificate subject name.
Here's the code I came up with - error checking, etc. removed for brevity. It works. Would anyone care to critique it?
To review, here's what I'm trying to parse:

X509v3 Subject Alternative Name: critical
    DirName:/2.23.133.2.1=id:xxxxxx00/2.23.133.2.2=Partname/2.23.133.2.3=id:version

#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

int GetExtensions(X509 *x509Certificate)
{
    int i, j;

    /* decode the subjectAltName extension into a stack of GENERAL_NAME */
    GENERAL_NAMES *subjectAltNames = (GENERAL_NAMES *)
        X509_get_ext_d2i(x509Certificate, NID_subject_alt_name, NULL, NULL);
    int numberOfAlts = sk_GENERAL_NAME_num(subjectAltNames);

    for (i = 0; i < numberOfAlts; i++) {
        const GENERAL_NAME *pName = sk_GENERAL_NAME_value(subjectAltNames, i);
        if (pName->type == GEN_DIRNAME) {
            X509_NAME *directoryName = (X509_NAME *)pName->d.dirn;
            int entryCount = X509_NAME_entry_count(directoryName);

            /* separate index: reusing i here would clobber the outer loop */
            for (j = 0; j < entryCount; j++) {
                char asn1Object[256];
                unsigned char *asn1ObjectValue = NULL;
                X509_NAME_ENTRY *ent = X509_NAME_get_entry(directoryName, j);

                /* get the name, the OID */
                ASN1_OBJECT *fn = X509_NAME_ENTRY_get_object(ent);
                OBJ_obj2txt(asn1Object, sizeof asn1Object, fn, 1);

                /* get the value, the text associated with OID name */
                ASN1_STRING *val = X509_NAME_ENTRY_get_data(ent);
                int length = ASN1_STRING_to_UTF8(&asn1ObjectValue, val);

                /* asn1Object holds the OID, asn1ObjectValue holds length bytes of UTF-8 */
                OPENSSL_free(asn1ObjectValue); /* buffer allocated by ASN1_STRING_to_UTF8 */
            }
        }
    }
    GENERAL_NAMES_free(subjectAltNames); /* X509_get_ext_d2i returns a new object */
    return 0;
}
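What the X509_NAME_ENTRY loop in this message walks, shown at the DER level as an added stand-alone example (not OpenSSL code and not from the thread): a directoryName is a SEQUENCE of SETs, each holding SEQUENCE { OID, value }. The sample bytes are constructed from the DirName quoted in the post, the names NAME_DER, OID_PART, tlv and dirname_get are hypothetical, and it assumes short-form lengths and UTF8String values only.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: DER of the post's directoryName, values as UTF8String. */
static const unsigned char NAME_DER[] = "\x30\x44"
    "\x31\x16\x30\x14\x06\x05\x67\x81\x05\x02\x01\x0c\x0b" "id:xxxxxx00"
    "\x31\x13\x30\x11\x06\x05\x67\x81\x05\x02\x02\x0c\x08" "Partname"
    "\x31\x15\x30\x13\x06\x05\x67\x81\x05\x02\x03\x0c\x0a" "id:version";
/* 2.23.133.2.2 as DER OID content: 0x67 = 40*2+23, 133 = 0x81 0x05 (base 128). */
static const unsigned char OID_PART[] = { 0x67, 0x81, 0x05, 0x02, 0x02 };

/* Read one TLV with the expected tag (short-form length only); NULL if malformed. */
static const unsigned char *tlv(const unsigned char **p, const unsigned char *end,
                                unsigned char tag, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2 || q[0] != tag || q[1] >= 0x80) return NULL;
    if ((size_t)(end - q - 2) < q[1]) return NULL;   /* content must fit */
    *len = q[1];
    *p = q + 2 + *len;                               /* step past this element */
    return q + 2;
}

/* Copy the value under OID `want` into out: length, -1 if malformed, -2 if absent. */
int dirname_get(const unsigned char *der, size_t n, const unsigned char *want,
                size_t wantlen, char *out, size_t cap) {
    const unsigned char *p = der, *name, *set, *atv, *oid, *val, *s, *a;
    size_t nl, sl, al, ol, vl;
    if (!(name = tlv(&p, der + n, 0x30, &nl))) return -1;       /* Name */
    for (p = name; p < name + nl; ) {
        if (!(set = tlv(&p, name + nl, 0x31, &sl))) return -1;  /* one RDN */
        for (s = set; s < set + sl; ) {
            if (!(a = atv = tlv(&s, set + sl, 0x30, &al))) return -1;
            if (!(oid = tlv(&a, atv + al, 0x06, &ol)) ||
                !(val = tlv(&a, atv + al, 0x0c, &vl))) return -1;
            if (ol != wantlen || memcmp(oid, want, ol) != 0) continue;
            if (vl >= cap || memchr(val, 0, vl)) return -1;     /* no embedded NUL */
            memcpy(out, val, vl);
            out[vl] = '\0';
            return (int)vl;
        }
    }
    return -2;
}
int main(void) {
    char buf[32];
    int n = dirname_get(NAME_DER, sizeof NAME_DER - 1, OID_PART, sizeof OID_PART, buf, sizeof buf);
    if (n >= 0) printf("2.23.133.2.2 = %s\n", buf);
    return n < 0;
}
```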