[PHP] Re: Retrieve subjectAltName from client certificate

2011-11-29 Thread Nelson Teixeira
I found a solution. It's a clumsy one, but it works.

Well I considered that a certificate is encoded in base64. So I remove
the 1st and last lines, and decode it. Now we got a lot of binary
information, but at least the info is there and readable, so we can search
for it.
I opened this data in a hex editor and looked for my data. When I found it I
realized that a couple of bytes before it there was a part of my custom
OID number. I mean my OID number is 2.16.76.1.3.1, and I found the bytes
4C 01 03 01 (0x4C=76) just 8 bytes before the data. So I made PHP search
the decoded document for these bytes and extract the information I need
positionally. I know it's clumsy, but it's the best I got until now.
Here is the PHP code I used:

$cert = $_SERVER['SSL_CLIENT_CERT'];

// remove first and last lines (i.e. BEGIN/END CERTIFICATE)
$cert = preg_replace('/\n.*$/', '', preg_replace('/^.*\n/', '', $cert));

$cert_dec = base64_decode($cert);
// find OID position (strpos returns false when the bytes are absent)
$pos = strpos($cert_dec, pack('H*', '4C010301'));
if ($pos === false) {
    die('OID not found in certificate');
}
$pos += 8;

// extract custom data
$birthdate = substr($cert_dec, $pos, 8);
$docnumber = substr($cert_dec, $pos + 8, 11);
echo $birthdate;
echo '<br>';
echo $docnumber;

If anyone has any solution better than this one I would be glad to know.

-Nelson

2011/11/24 Nelson Teixeira

 Hello,

  I'm trying to read subjectAltName field from a client certificate with

 $x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
 $subjectAltName = $x509['extensions']['subjectAltName'];

 but the field contains  othername:, othername:, othername:, where the
 real data should be. There's valid data there because I can see it in
 Firefox's certificate view. I already have SSLOptions +StdEnvVars
 +ExportCertData configured in Apache. I can read correctly several other
 fields.

 How can I receive it correctly from Apache and extract the real data?

 -Nelson
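
A length-aware alternative to the fixed-offset search in the reply above, added here as an example (not code from the thread): it walks the DER structure to the otherName whose type-id is 2.16.76.1.3.1 and reads the value using its encoded length, so a longer value or a long-form length does not shift the result. The function names, the sample bytes and the OCTET STRING value type are assumptions.

```php
<?php
// Read one DER header at $off; returns [tag, value offset, value length].
// Handles single-byte tags only, which is what X.509 certificates use.
function der_read(string $der, int $off, int $end): array {
    if ($off + 2 > $end) throw new RuntimeException('truncated header');
    $tag = ord($der[$off]);
    $len = ord($der[$off + 1]);
    $off += 2;
    if ($len & 0x80) {                        // long form: low 7 bits count the length bytes
        $n = $len & 0x7F;
        if ($n < 1 || $n > 4 || $off + $n > $end) throw new RuntimeException('bad length');
        for ($len = 0, $i = 0; $i < $n; $i++) $len = ($len << 8) | ord($der[$off + $i]);
        $off += $n;
    }
    if ($off + $len > $end) throw new RuntimeException('value overruns parent');
    return [$tag, $off, $len];
}

// Depth-first search for otherName ::= [0] { type-id OID, value [0] EXPLICIT ANY };
// returns the bytes of the inner value, or null when no otherName carries $oidTlv.
function find_othername(string $der, string $oidTlv, int $off, int $end): ?string {
    while ($off < $end) {
        [$tag, $vOff, $vLen] = der_read($der, $off, $end);
        $vEnd = $vOff + $vLen;
        if ($tag === 0xA0 && substr($der, $vOff, strlen($oidTlv)) === $oidTlv) {
            [$t, $o, $l] = der_read($der, $vOff + strlen($oidTlv), $vEnd);
            if ($t !== 0xA0) throw new RuntimeException('expected [0] EXPLICIT value');
            [, $o2, $l2] = der_read($der, $o, $o + $l);
            return substr($der, $o2, $l2);
        }
        if (($tag & 0x20) || $tag === 0x04) { // constructed, or OCTET STRING (wraps extnValue)
            try {
                $hit = find_othername($der, $oidTlv, $vOff, $vEnd);
                if ($hit !== null) return $hit;
            } catch (RuntimeException $e) {
                if ($tag & 0x20) throw $e;    // an OCTET STRING may hold non-DER bytes
            }
        }
        $off = $vEnd;
    }
    return null;
}

// Constructed sample: a subjectAltName extnValue holding one otherName (values are made up).
$tlv = fn(int $tag, string $body): string => chr($tag) . chr(strlen($body)) . $body;
$oid = hex2bin('0605604C010301');             // OID 2.16.76.1.3.1 as a full DER TLV
$san = $tlv(0x04, $tlv(0x30, $tlv(0xA0, $oid . $tlv(0xA0, $tlv(0x04, '0101198012345678901')))));
$value = find_othername($san, $oid, 0, strlen($san)) ?? '';
echo substr($value, 0, 8), "\n", substr($value, 8, 11), "\n";  // birthdate, then document number
```

For a real request, pass the base64-decoded body of `$_SERVER['SSL_CLIENT_CERT']` as `$der`; matching the full OID TLV (tag, length and all five content bytes) avoids a false hit on a stray `4C 01 03 01` elsewhere in the certificate.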



[PHP] Retrieve subjectAltName from client certificate

2011-11-24 Thread Nelson Teixeira
Hello,

 I'm trying to read subjectAltName field from a client certificate with

$x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
$subjectAltName = $x509['extensions']['subjectAltName'];

but the field contains  othername:, othername:, othername:, where the
real data should be. There's valid data there because I can see it in
Firefox's certificate view. I already have SSLOptions +StdEnvVars
+ExportCertData configured in Apache. I can read correctly several other
fields.

How can I receive it correctly from Apache and extract the real data?

-Nelson