[openssl-users] How to retrieve the commonName / Alt-Name (DNS-Name) from a .crt file

Christian Parpart trapni at gmail.com
Wed Feb 18 11:20:55 UTC 2015


On Tue Feb 17 2015 at 9:23:36 PM Jeffrey Walton <noloader at gmail.com> wrote:

> > X509* crt = /* how to get  my X509 out of the SSL_CTX */
>
>     X509* cert = SSL_get_peer_certificate(ssl);
>     if(cert) { X509_free(cert); }
>
> It's reference counted, so be sure to free it.
>

Thanks for the notice.

Cheers,
Christian.




> Jeff
>
> On Tue, Feb 17, 2015 at 4:47 AM, Christian Parpart <trapni at gmail.com>
> wrote:
> > Hey guys,
> >
> > I am rather new to OpenSSL development, but I'd like to integrate SSL
> > communication in my little HTTP server.
> > While this one is working so far, for SNI I actually need to read out the
> > server certificate's DNS name extension and commonName subject.
> >
> > Currently I am doing something like:
> >
> > SSL_CTX* ctx = SSL_CTX_new(TLSv1_2_server_method());
> > SSL_CTX_use_certificate_file(ctx, "/path/to/server1.crt", SSL_FILETYPE_PEM);
> > SSL_CTX_use_PrivateKey_file(ctx, "/path/to/server1.key", SSL_FILETYPE_PEM);
> >
> > I need to somehow get a ptr to the X509 struct to do something like:
> >
> > X509* crt = /* how to get  my X509 out of the SSL_CTX */
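> > /* X509_get_ext_d2i() returns a pointer to the decoded stack (NULL if absent) */
> > STACK_OF(GENERAL_NAME)* altnames =
> >          X509_get_ext_d2i(crt, NID_subject_alt_name, NULL, NULL);
> > int numAltNames = sk_GENERAL_NAME_num(altnames);
> >
> > for (int i = 0; i < numAltNames; ++i) {
> >     GENERAL_NAME* altname = sk_GENERAL_NAME_value(altnames, i);
> >     if (altname->type == GEN_DNS) {
> >         /* dNSName is an ASN1_IA5STRING*, not a char* (accessor needs OpenSSL 1.1.0+) */
> >         printf("found DNS-Name: %.*s\n",
> >                ASN1_STRING_length(altname->d.dNSName),
> >                (const char*)ASN1_STRING_get0_data(altname->d.dNSName));
> >     }
> > }
> > GENERAL_NAMES_free(altnames);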
> >
> > in order to get the DNS alt-name at least.
> > But how do I get from the SSL_CTX to my X509 struct, or how else do I
> > do it?
