How does a client get the server's SAN/DNS strings
Viktor Dukhovni
openssl-users at dukhovni.org
Sat Apr 16 21:09:22 UTC 2022
On Sat, Apr 16, 2022 at 01:18:57PM -0700, Hal Murray wrote:
> I can get the subject and issuer with
> X509_get_subject_name and X509_get_issuer_name
>
> I'm looking for something similar to get the SAN/DNS strings used to verify
> that this certificate is valid for the hostname provided via SSL_set1_host
>
> Any API will be slightly complicated since there may be more than one SAN/DNS
> string.
Can you explain *why* you want the list of DNS names? What's wrong with
letting OpenSSL doing the validation for you? Is this just for logging,
or do you intend to supplant the built-in name checks?
--
Viktor.
More information about the openssl-users
mailing list