[openssl-users] How to retrieve the commonName / Alt-Name (DNS-Name) from a .crt file
Christian Parpart
trapni at gmail.com
Tue Feb 17 09:47:46 UTC 2015
Hey guys,
I am rather new to OpenSSL development, but I'd like to integrate SSL
communication in my little HTTP server.
While this one is working so far, for SNI I actually need to read out the
server certificate's DNS name extension and commonName subject.
Currently I am doing something like:
    SSL_CTX* ctx = SSL_CTX_new(TLSv1_2_server_method());
    SSL_CTX_use_certificate_file(ctx, "/path/to/server1.crt", SSL_FILETYPE_PEM);
    SSL_CTX_use_PrivateKey_file(ctx, "/path/to/server1.key", SSL_FILETYPE_PEM);
I need to somehow get a ptr to the X509 struct to do something like:
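    X509* crt = /* how to get my X509 out of the SSL_CTX */
    /* X509_get_ext_d2i returns a pointer to the stack (NULL if no SAN) */
    STACK_OF(GENERAL_NAME)* altnames =
        X509_get_ext_d2i(crt, NID_subject_alt_name, NULL, NULL);
    int numAltNames = sk_GENERAL_NAME_num(altnames);
    for (int i = 0; i < numAltNames; ++i) {
        GENERAL_NAME* altname = sk_GENERAL_NAME_value(altnames, i);
        if (altname->type == GEN_DNS) {
            /* dNSName is an ASN1_IA5STRING, not a C string: print by length */
            printf("found DNS-Name: %.*s\n",
                   ASN1_STRING_length(altname->d.dNSName),
                   (const char*) ASN1_STRING_data(altname->d.dNSName));
        }
    }
    GENERAL_NAMES_free(altnames);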
in order to get the DNS alt-name at least.
But how do I get from the SSL_CTX to my X509 struct, or how else do I do
it?
Many thanks in advance,
Christian.