[openssl-users] Displaying subjectAtlName othername content
Robert Moskowitz
rgm at htt-consult.com
Mon Aug 14 19:38:20 UTC 2017
On 08/14/2017 03:28 PM, Jakob Bohm wrote:
> On 14/08/2017 20:55, Robert Moskowitz wrote:
>>
>>
>> On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
>>> ➢ Is there anyway to display the basic ASN.1 structure here so I can
>>> see
>>> what was stored in the cert?
>>> openssl asn1parse
>>
>> Humpf. I looked at that a few times and did not see the obvious. Sigh.
>>
>> So some progress. using -i and got:
>>
>> 573:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject
>> Alternative Name
>> 578:d=5 hl=2 l= 29 prim: OCTET STRING [HEX
>> DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304
>>
>> Added -strparse 578 and got:
>>
>> 0:d=0 hl=2 l= 27 cons: SEQUENCE
>> 2:d=1 hl=2 l= 25 cons: cont [ 0 ]
>> 4:d=2 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.8.4
>> 14:d=2 hl=2 l= 13 cons: cont [ 0 ]
>> 16:d=3 hl=2 l= 11 cons: SEQUENCE
>> 18:d=4 hl=2 l= 3 prim: OBJECT :1.2.3.4
>> 23:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:01020304
>>
>> Since I don't know that SubjectAltName content will always start at
>> 578, I have to do the asn1parse in two steps.
>>
>> It is a start...
> Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and
> automatically descends into these structures. However it requires that
> you convert from Base64 to binary before calling it.
And build your own version of openssl! I am too far behind on this and
other work to invest more time building my own modules. Sigh.
Thanks, though. Perhaps get to it later.
Bob
More information about the openssl-users
mailing list