[openssl-users] Displaying subjectAtlName othername content

Jakob Bohm jb-openssl at wisemo.com
Mon Aug 14 20:00:13 UTC 2017 

On 14/08/2017 21:38, Robert Moskowitz wrote:
> 
> 
> On 08/14/2017 03:28 PM, Jakob Bohm wrote:
>> On 14/08/2017 20:55, Robert Moskowitz wrote:
>>>
>>>
>>> On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
>>>> ➢ Is there anyway to display the basic ASN.1 structure here so I can 
>>>> see
>>>>      what was stored in the cert?
>>>>      openssl asn1parse
>>>
>>> Humpf.  I looked at that a few times and did not see the obvious. Sigh.
>>>
>>> So some progress.  using -i and got:
>>>
>>>   573:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Subject 
>>> Alternative Name
>>>   578:d=5  hl=2 l=  29 prim:      OCTET STRING      [HEX 
>>> DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304
>>>
>>> Added -strparse 578 and got:
>>>
>>>     0:d=0  hl=2 l=  27 cons: SEQUENCE
>>>     2:d=1  hl=2 l=  25 cons:  cont [ 0 ]
>>>     4:d=2  hl=2 l=   8 prim:   OBJECT :1.3.6.1.5.5.7.8.4
>>>    14:d=2  hl=2 l=  13 cons:   cont [ 0 ]
>>>    16:d=3  hl=2 l=  11 cons:    SEQUENCE
>>>    18:d=4  hl=2 l=   3 prim:     OBJECT            :1.2.3.4
>>>    23:d=4  hl=2 l=   4 prim:     OCTET STRING      [HEX DUMP]:01020304
>>>
>>> Since I don't know that SubjectAltName content will always start at 
>>> 578, I have to do the asn1parse in two steps.
>>>
>>> It is a start...
>> Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and
>> automatically descends into these structures.  However it requires that
>> you convert from Base64 to binary before calling it.
> 
> 
> And build your own version of openssl!  I am too far behind on this and 
> other work to invest more time building my own modules.  Sigh.
> 
> Thanks, though.  Perhaps get to it later.
> 

dumpasn1.c is a useful ready-to-use tool that just needs a trivial
compile from a single file to a program for your computer type.  It has
saved me a lot of time over the years.



Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list