Parsing subject/issuer strings in X.509

Philip Prindeville philipp_subx at redfish-solutions.com
Fri Jul 23 18:17:40 UTC 2021


Yeah, agreed, although I'd like the parser to work with the output of "openssl x509 ... -subject", i.e. RFC-4514 format, which is "CN=name, O=Acme Corporation, C=US" ... etc.



> On Jul 23, 2021, at 12:57 AM, David von Oheimb <dev at ddvo.net> wrote:
> 
> What I use is
> 
>         X509_NAME *nname = parse_name(string, MBSTRING_ASC, 1, desc);
> 
> which is not an official API function but defined in apps/lib/apps.c:
> 
> /*
>  * name is expected to be in the format /type0=value0/type1=value1/type2=...
>  * where + can be used instead of / to form multi-valued RDNs if canmulti
>  * and characters may be escaped by \
>  */
> X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char *desc)
> 
> Would be good to have such a function as part of the X.509 API.
> 
>     David
> 
> On 23.07.21 07:49, Viktor Dukhovni wrote:
>>> On 22 Jul 2021, at 9:29 pm, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
>>> 
>>> I'm wondering what the function is that takes a string and returns X509_NAME with the attribute/value pairs of the parsed DN.
>> There is no such function in general, since there are many potential
>> string forms of X.509 names, not all of which are unambiguously
>> machine readable.
>> 
>> There are various functions for augmenting a partially built name
>> with an attribute-value pair, but the parsing of a string into a list
>> of such attribute-value pairs is up to you. :-(
>> 
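
As an added example (not code from this thread or from OpenSSL), here is one way to split the comma-separated form mentioned above, "CN=name, O=Acme Corporation, C=US", into attribute/value pairs with backslash escapes and '+' multi-valued RDNs. The names `struct ava` and `parse_dn` are hypothetical, and the buffer sizes are assumptions.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* One attribute/value pair; multi is 1 when '+' joined it to the previous pair. */
struct ava { char type[32]; char value[128]; int multi; };

/* Split "CN=name, O=Acme Corporation, C=US" into pairs. Returns the count,
 * or -1 on malformed input. Quoted and '#'-hex values are not handled.
 * Each pair could then go to OpenSSL's X509_NAME_add_entry_by_txt(), with
 * set = multi ? -1 : 0 (not called here, so this builds without libcrypto). */
int parse_dn(const char *s, struct ava *out, int max)
{
    int n = 0, multi = 0;

    while (*s) {
        struct ava *a = &out[n];
        size_t t = 0, v = 0;
        if (n == max) return -1;
        while (*s == ' ') s++;                  /* space after a separator */
        while (isalnum((unsigned char)*s) || *s == '.' || *s == '-') {
            if (t + 1 >= sizeof a->type) return -1;
            a->type[t++] = *s++;
        }
        if (t == 0 || *s++ != '=') return -1;   /* empty type or missing '=' */
        a->type[t] = '\0';
        while (*s && !strchr(",+", *s)) {       /* value runs to next separator */
            char c = *s++;
            if (c == '\\') {
                if (isxdigit((unsigned char)s[0]) && isxdigit((unsigned char)s[1])) {
                    char hex[3] = { s[0], s[1], '\0' };
                    c = (char)strtol(hex, NULL, 16);    /* hex pair, e.g. \2C */
                    s += 2;
                } else {
                    c = *s++;                           /* escaped literal, e.g. \, */
                }
                if (c == '\0') return -1;   /* dangling backslash or embedded NUL */
            }
            if (v + 1 >= sizeof a->value) return -1;
            a->value[v++] = c;
        }
        a->value[v] = '\0';
        a->multi = multi;
        multi = (*s == '+');
        n++;
        if (*s && *++s == '\0') return -1;      /* trailing ',' or '+' */
    }
    return n;
}
```

Rejecting an escaped NUL keeps a value such as "a\00b" from being silently truncated when it is later handled as a C string.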
