[openssl-users] Creating requests and certificates with Subject Alternative Names
Angus Robertson - Magenta Systems Ltd
angus at magsys.co.uk
Thu Sep 21 17:56:00 UTC 2017
I'm creating X509 certificate requests and certificates in code, trying
to add X509v3 Subject Alternative Name, with 1.1.0f.
But if I add a list of four domains, ie:
www1.mydomain
www2.mydomain
www3.mydomain
www4.mydomain
The certificate seems to ignore some and repeat others:
X509v3 Subject Alternative Name:
DNS:www3.mydomain, DNS:www4.mydomain, DNS:www3.mydomain,
DNS:www4.mydomain
Finding documentation for SANs in OpenSSL is very hard, there don't
seem to be high level APIs to create extension content stacks. The
best I found is set_altname in v3nametest.c which builds a stack of
GENERAL_NAMES and adds it using X509_add1_ext_i2d.
I must be something correct since it half works, but no idea why the
data is corrupted.
To complicate matters, I'm not writing in C, but using Delphi pascal,
so all the OpenSSL APIs and macros have been converted to Delphi, which
does potentially cause errors in translation. This is an open source
Delphi interface to OpenSSL.
Angus
More information about the openssl-users
mailing list