[openssl-users] How to retrieve the commonName / Alt-Name (DNS-Name) from a .crt file

Jeffrey Walton noloader at gmail.com
Tue Feb 17 20:14:56 UTC 2015


> X509* crt = /* how to get  my X509 out of the SSL_CTX */

    X509* cert = SSL_get_peer_certificate(ssl);
    if(cert) { X509_free(cert); }

It's reference counted, so be sure to free it.

Jeff

On Tue, Feb 17, 2015 at 4:47 AM, Christian Parpart <trapni at gmail.com> wrote:
> Hey guys,
>
> I am rather new to OpenSSL development, but I'd like to integrate SSL
> communication in my little HTTP server.
> While this one is working so far, for SNI I actually need to read out the
> server certificate's DNS name extension and commonName subject.
>
> Currently I am doing something like:
>
> SSL_CTX* ctx = SSL_CTX_new(TLSv1_2_server_method());
> SSL_CTX_use_certificate_file(ctx, "/path/to/server1.crt",SSL_FILETYPE_PEM);
> SSL_CTX_use_PrivateKey_file(ctx, "/path/to/server1.key", SSL_FILETYPE_PEM);
>
> I need to somehow get a ptr to the X509 struct to do something like:
>
> X509* crt = /* how to get  my X509 out of the SSL_CTX */
> STACK_OF(GENERAL_NAME)* altnames =
>          X509_get_ext_d2i(crt, NID_subject_alt_name, NULL, NULL);
> int numAltNames = sk_GENERAL_NAME_num(altnames);
>
> for (int i = 0; i < numAltNames; ++i) {
>     GENERAL_NAME* altname = sk_GENERAL_NAME_value(altnames, i);
>     if (altname->type == GEN_DNS) {
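>         /* dNSName is an ASN1_IA5STRING*, not a C string */
>         printf("found DNS-Name: %.*s\n",
>                ASN1_STRING_length(altname->d.dNSName),
>                (const char*) ASN1_STRING_get0_data(altname->d.dNSName));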
>     }
> }
> GENERAL_NAMES_free(altnames);
>
> in order to get the DNS alt-name at least.
> But how do I come from the SSL_CTX to my X509 struct, or how do I do it
> else?

