How does a client get the server's SAN/DNS strings

[Michel]

My quick answer :

    int iPos = X509_get_ext_by_NID( pCX509, NID_subject_alt_name, -1 );
    if( iPos < 0 ) ...;
    X509_EXTENSION* pE = X509_get_ext(pCX509, iPos );

    pGNames = (GENERAL_NAMES*)X509V3_EXT_d2i( pE );		// (stack of
GENERAL_NAME)

    for( ;; )
    pGName = sk_GENERAL_NAME_value( pNames, i );

    switch( pGName->type ) {

    case GEN_EMAIL:
    case GEN_URI:
    case GEN_DNS:
    case GEN_RID:
    case GEN_IPADD:
    case GEN_DIRNAME:
	...
    }
    Look at crypto\X509\v3_genn.c

    May be there is something new, more straightforward.

    Hope it helps, it is very late in the night here.

    Michel. 

-----Message d'origine-----
De : openssl-users [mailto:openssl-users-bounces at openssl.org] De la part de
Hal Murray
Envoyé : dimanche 17 avril 2022 00:02
À : openssl-users at openssl.org
Objet : Re: How does a client get the server's SAN/DNS strings

openssl-users at dukhovni.org said:
> Can you explain *why* you want the list of DNS names?
> Is this just for logging..

Yes, just for logging.


-- 
These are my opinions.  I hate spam.