On Fri, Mar 11, 2005, [EMAIL PROTECTED] wrote:

> 
> Looking at the OpenSSL source code, I believe that the caller must free 
> the struct that X509_get_ext_d2i returns.  What function should I call 
> to free the returned struct?
> 
> My code looks like this:
> 
>     X509_EXTENSION* ext = 0;
>     X509V3_EXT_METHOD* method = 0;
>     void* entries = 0;
>     int idx = -1;
>     int nid = NID_subject_alt_name;
>     idx = X509_get_ext_by_NID(cert, nid, idx);
>     if (idx >= 0) {
>         ext = X509_get_ext(cert, idx);
>         if (ext) {
>             method = X509V3_EXT_get(ext);
>         }
>     }
>     entries = X509_get_ext_d2i(cert, nid, 0, 0);
>     if (method && entries) {
>         STACK_OF(CONF_VALUE)* val = method->i2v(method, entries, 0);
>         for (int j = 0; j < sk_CONF_VALUE_num(val); ++j) {
>             CONF_VALUE* nval = sk_CONF_VALUE_value(val, j);
>             if (strcmpi_(nval->name, "DNS") == 0) {
>                 retVal = -2;
>                 if (strcmpi_(nval->value, aServerName) == 0) {
>                     retVal = 0;
>                     break;
>                 }
>             }
>         }
>     }
> 
> Also, do I need to free the result from method->i2v?  If so, how?
> 

Don't do things that way. It uses extension method structure internals and is
likely to cause problems if the underlying structures change.

The value returned by X509_get_ext_d2i() depends on the extension being used.

In the case of subject alt name it is a STACK_OF(GENERAL_NAME). If you check
the definition of this structure in x509v3.h you can search it for a DNS name
and examine the result in there.

When you've done that a call to:

sk_GENERAL_NAME_pop_free(gen_names, GENERAL_NAME_free);

will free it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
