[openssl-users] How to retrieve the commonName / Alt-Name (DNS-Name) from a .crt file

Christian Parpart trapni at gmail.com
Tue Feb 17 09:47:46 UTC 2015


Hey guys,

I am rather new to OpenSSL development, but I'd like to integrate SSL
communication in my little HTTP server.
While this one is working so far, for SNI I actually need to read out the
server certificate's DNS name extension and commonName subject.

Currently I am doing something like:

#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>

SSL_CTX* ctx = SSL_CTX_new(TLSv1_2_server_method());
SSL_CTX_use_certificate_file(ctx, "/path/to/server1.crt", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(ctx, "/path/to/server1.key", SSL_FILETYPE_PEM);

I need to somehow get a ptr to the X509 struct to do something like:

X509* crt = /* how to get  my X509 out of the SSL_CTX */
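STACK_OF(GENERAL_NAME)* altnames =
         X509_get_ext_d2i(crt, NID_subject_alt_name, NULL, NULL);
int numAltNames = sk_GENERAL_NAME_num(altnames);

for (int i = 0; i < numAltNames; ++i) {
    GENERAL_NAME* altname = sk_GENERAL_NAME_value(altnames, i);
    if (altname->type == GEN_DNS) {
        /* dNSName is an ASN1_IA5STRING*, not a char*: print its bytes by
           length (ASN1_STRING_get0_data replaces ASN1_STRING_data in 1.1.0+) */
        printf("found DNS-Name: %.*s\n",
               ASN1_STRING_length(altname->d.dNSName),
               (const char*) ASN1_STRING_data(altname->d.dNSName));
    }
}
GENERAL_NAMES_free(altnames);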

in order to get the DNS alt-name at least.
But how do I get from the SSL_CTX to my X509 struct, or how else do I do
it?

Many thanks in advance,
Christian.
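
Added example (not part of the original message, and not OpenSSL code): once the DNS names have been read out of each certificate as in the loop above, the server still has to match the SNI host name against them. The sketch assumes each name is kept as bytes plus length, the way an ASN.1 string carries it; struct cert_name, sni_matches and select_by_sni are hypothetical names, and the wildcard rule is an assumed matching policy.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* One DNS name from a certificate, kept as bytes plus length the way an
 * ASN.1 string carries it. Hypothetical type for this example. */
struct cert_name { const char *data; size_t len; };

/* Case-insensitive comparison of two length-delimited byte strings. */
static int eq_nocase(const char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen) return 0;
    for (size_t i = 0; i < alen; ++i)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if the SNI host matches the certificate name. Names with an
 * embedded NUL byte are rejected, since C string handling would truncate
 * them. A leading "*." stands for exactly one left-most label (assumed
 * policy): it matches "www.example.com" but not "a.b.example.com". */
int sni_matches(const char *host, const struct cert_name *n)
{
    size_t hlen = strlen(host);
    if (hlen == 0 || n->len == 0 || memchr(n->data, '\0', n->len)) return 0;
    if (n->len > 2 && n->data[0] == '*' && n->data[1] == '.') {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host) return 0; /* need a first label */
        return eq_nocase(dot, hlen - (size_t)(dot - host), n->data + 1, n->len - 1);
    }
    return eq_nocase(host, hlen, n->data, n->len);
}

/* Index of the first name matching the SNI host, or -1 if none does. */
int select_by_sni(const char *host, const struct cert_name *names, int count)
{
    for (int i = 0; i < count; ++i)
        if (sni_matches(host, &names[i])) return i;
    return -1;
}

int main(void)
{
    /* Constructed sample names, not taken from any real certificate. */
    const struct cert_name names[] = { {"example.com", 11}, {"*.example.com", 13} };
    return select_by_sni("www.example.com", names, 2) == 1 ? 0 : 1;
}
```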