How does a client get the server's SAN/DNS strings

Michel michel.sales at
Sat Apr 16 23:32:17 UTC 2022

My quick answer :

    int iPos = X509_get_ext_by_NID( pCX509, NID_subject_alt_name, -1 );
    if( iPos < 0 ) ...;
    X509_EXTENSION* pE = X509_get_ext(pCX509, iPos );

    pGNames = (GENERAL_NAMES*)X509V3_EXT_d2i( pE );		// (stack of

    for( ;; )
    pGName = sk_GENERAL_NAME_value( pNames, i );

    switch( pGName->type ) {

    case GEN_EMAIL:
    case GEN_URI:
    case GEN_DNS:
    case GEN_RID:
    case GEN_IPADD:
    case GEN_DIRNAME:
    Look at crypto\X509\v3_genn.c

    May be there is something new, more straightforward.

    Hope it helps, it is very late in the night here.


-----Message d'origine-----
De : openssl-users [mailto:openssl-users-bounces at] De la part de
Hal Murray
Envoyé : dimanche 17 avril 2022 00:02
À : openssl-users at
Objet : Re: How does a client get the server's SAN/DNS strings

openssl-users at said:
> Can you explain *why* you want the list of DNS names?
> Is this just for logging..

Yes, just for logging.

These are my opinions.  I hate spam.

More information about the openssl-users mailing list