Hi All,

> The code below gives the FIRST Common Name RDN, not the last one in the
> hierarchy to be tested as a servername in TLS. But well, if you only have
> one occurrence of common name :-)
>
> Anyway, the WHOLE DN, i.e. all attributes together, is supposed to be
> unique in a CA. Of course, if your private CA makes the common name
> attribute unique .. There may be more than one "Joe Smith"
>
> There are utility functions to get a string representation of the whole
> subject, with many options about the formatting, one allowing it to be
> used directly in an LDAP request etc. ==> cf apps/x509.c
I must admit to being even more confused after all the replies to this
thread! Thanks for all the input ;-)

I have experimented with the code examples given and some do not yield
objects that look particularly unique (i.e. short strings). The following
code seems promising:

    #include <stdio.h>
    #include <openssl/ssl.h>
    #include <openssl/x509.h>

    char data[256];
    X509 *cert = SSL_get_peer_certificate(ssl);   /* NULL if the peer sent no certificate */
    X509_NAME *subj = cert ? X509_get_subject_name(cert) : NULL;
    if (subj && X509_NAME_oneline(subj, data, sizeof data))  /* returns NULL on error */
        printf("Peer subject='%s'\n", data);
    X509_free(cert);   /* SSL_get_peer_certificate() takes its own reference */

Can anyone comment whether this (data) would suffice? I also noted that a
hash value of this subject line is also available. That might yield a good
database key?

Cheers,
Mark.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]