[openssl-dev] PHP openssl ext port for 1.1 - cert->name

Dr. Stephen Henson steve at openssl.org
Tue Mar 1 21:03:32 UTC 2016

On Tue, Mar 01, 2016, Jakub Zelenka wrote:

> Hello,
> I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and
> just came across one thing that I can't find a function for.
> We have got a part in openssl_x509_parse where we display cert->name (cert
> is X509 struct) if it is not NULL:
> https://github.com/php/php-src/blob/715a198e1f4f6f79f596963727b1a1c92e7fed1b/ext/openssl/openssl.c#L1998
> The X509 is now opaque and I can't find any function for that which I might
> be missing because it's quite late... :)
> I tried to find it using
> grep -rn '>name' crypto/x509
> but it doesn't show any function that would return a cert name
> Not sure if it's actually useful to show that but I see that the name is
> set in x509_cb when operation is ASN1_OP_D2I_POST
> as X509_NAME_oneline(ret->cert_info.subject, NULL, 0) .
> Please could you let me know if there is a function for that or what I
> should use instead?

It isn't really useful. It uses the ancient and quirky X509_NAME_oneline()
function to convert the certificate subject name to an old oneline format
(which mishandles things like multi byte characters).

If you really want it you can create it using X509_get_subect_name() and
X509_NAME_oneline() directly but you have to free it once you've finished with

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-dev mailing list