Parsing subject/issuer strings in X.509
David von Oheimb
dev at ddvo.net
Fri Jul 23 06:57:40 UTC 2021
What I use is
X509_NAME *nname = parse_name(string, MBSTRING_ASC, 1, desc);
which is not an official API function but defined in apps/lib/apps.c:
/*
* name is expected to be in the format /type0=value0/type1=value1/type2=...
* where + can be used instead of / to form multi-valued RDNs if canmulti
* and characters may be escaped by \
*/
X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const
char *desc)
Would be good to have such a function as part of the X.509 API.
David
On 23.07.21 07:49, Viktor Dukhovni wrote:
>> On 22 Jul 2021, at 9:29 pm, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
>>
>> I'm wondering what the function is that takes a string and returns X509_NAME with the attribute/value pairs of the parsed DN.
> There is no such function in general, since the are many potential
> string forms of X.509 names, not all of which are unambiguously
> machine readable.
>
> There are various functions for augmenting a partially built name
> with an attribute-value pair, but the parsing of a string a list
> of such attribute-value pairs is up to you. :-(
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210723/56e404f6/attachment.html>
More information about the openssl-users
mailing list