Parsing subject/issuer strings in X.509

David von Oheimb dev at
Fri Jul 23 06:57:40 UTC 2021

What I use is

        X509_NAME *nname = parse_name(string, MBSTRING_ASC, 1, desc);

which is not an official API function but defined in apps/lib/apps.c:

 * name is expected to be in the format /type0=value0/type1=value1/type2=...
 * where + can be used instead of / to form multi-valued RDNs if canmulti
 * and characters may be escaped by \
X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const
char *desc)

Would be good to have such a function as part of the X.509 API.


On 23.07.21 07:49, Viktor Dukhovni wrote:
>> On 22 Jul 2021, at 9:29 pm, Philip Prindeville <philipp_subx at> wrote:
>> I'm wondering what the function is that takes a string and returns X509_NAME with the attribute/value pairs of the parsed DN.
> There is no such function in general, since the are many potential
> string forms of X.509 names, not all of which are unambiguously
> machine readable.
> There are various functions for augmenting a partially built name
> with an attribute-value pair, but the parsing of a string a list
> of such attribute-value pairs is up to you. :-(
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list