On Wed, Mar 08, 2006, caveman007 (sent by Nabble.com) wrote:

> 
> BTW, when I want to extract this DNS (e.g. in the case of
> authentication/identity validation)
> as a char* string, I'm trying this:
> 
> GENERAL_NAME* gen = X509_get_ext_d2i (cert, NID_dNSDomain, NULL, NULL);
> if (gen && gen->type == GEN_DNS) {
>     char* buf = i2s_ASN1_OCTET_STRING(X509V3_EXT_get_nid(NID_dNSDomain),
>                                    (gen->d.dNSName) );
>     ...
> }
> 
>  Everything goes OK with obtaining GENERAL_NAME* structure and its GEN_DNS
> type check, 
> until the point of conversion. The 'buf' stays NULL, even when replacing the
> X509V3_EXT_METHOD*
> with NID_subject_alt_name or just NULL.
>  Many people talk about such a task of extracting dNSName, but could anybody
> show it?

I'm surprised that didn't actually crash. The X509_get_ext_d2i() function is
not returning a GENERAL_NAME structure but a STACK_OF(GENERAL_NAME). You need
to look through that stack for something of type GEN_DNS and then you can get
its string value, though not using i2s_ASN1_OCTET_STRING...

There is an example which uses email address in the function get_email in the
file v3_utl.c. That should be easy enough to adapt.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
