How does a client get the server's SAN/DNS strings

Michel michel.sales at online.fr
Sat Apr 16 20:45:05 UTC 2022


Hi Hal,

Might be simpler to use the 'X509_VERIFY_PARAM...' interface.

Did you see :
https://www.openssl.org/docs/man1.1.1/man3/X509_VERIFY_PARAM_set1_host.html

Hope it helps,

Regards,

Michel.


-----Message d'origine-----
De : openssl-users [mailto:openssl-users-bounces at openssl.org] De la part de
Hal Murray
Envoyé : samedi 16 avril 2022 22:19
À : openssl-users at openssl.org
Objet : How does a client get the server's SAN/DNS strings

I can get the subject and issuer with
  X509_get_subject_name and X509_get_issuer_name

I'm looking for something similar to get the SAN/DNS strings used to verify 
that this certificate is valid for the hostname provided via SSL_set1_host

Any API will be slightly complicated since there may be more than one
SAN/DNS 
string.

-- 
These are my opinions.  I hate spam.





More information about the openssl-users mailing list