Parsing subject/issuer strings in X.509

Viktor Dukhovni openssl-users at
Fri Jul 23 14:52:38 UTC 2021

> On 23 Jul 2021, at 2:57 am, David von Oheimb <dev at> wrote:
> What I use is
>         X509_NAME *nname = parse_name(string, MBSTRING_ASC, 1, desc);
> which is not an official API function but defined in apps/lib/apps.c:
> /*
>  * name is expected to be in the format /type0=value0/type1=value1/type2=...
>  * where + can be used instead of / to form multi-valued RDNs if canmulti
>  * and characters may be escaped by \
>  */
> X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char *desc)
> Would be good to have such a function as part of the X.509 API.

Note that the "/"-separated form is not the output format of the issuer or
subject names in X509_NAME_oneline(3), x509(1), ...  So a public API for
that format may not be a good idea.  Perhaps there could be parsers for
the "rfc2253", "rfc2254" and "oneline" formats (or a single parser with
flags to select the format).


More information about the openssl-users mailing list