Parsing subject/issuer strings in X.509
openssl-users at dukhovni.org
Fri Jul 23 14:52:38 UTC 2021
> On 23 Jul 2021, at 2:57 am, David von Oheimb <dev at ddvo.net> wrote:
> What I use is
> X509_NAME *nname = parse_name(string, MBSTRING_ASC, 1, desc);
> which is not an official API function but defined in apps/lib/apps.c:
> * name is expected to be in the format /type0=value0/type1=value1/type2=...
> * where + can be used instead of / to form multi-valued RDNs if canmulti
> * and characters may be escaped by \
> X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char *desc)
> Would be good to have such a function as part of the X.509 API.
Note that the "/"-separated form is not the output format of the issuer or
subject names in X509_NAME_oneline(3), x509(1), ... So a public API for
that format may not be a good idea. Perhaps there could be parsers for
the "rfc2253", "rfc2254" and "oneline" formats (or a single parser with
flags to select the format).
More information about the openssl-users