On Fri, Nov 17, 2006, Manivannan S - TLS, Chennai wrote:

> Hi all,
>
> I am working in an application which involves TLS connection. My
> requirement is to read subjectAltName from the client certificate
> received by the server, when accepting TLS connection.
>
> I have generated CA certificate, client and server certificate
> with subjectAltName extension.
>

What command(s) have you used to do that?

> I used openssl 0.9.7 library to read the peer certificate using the API
> "SSL_get_peer_certificate(ssl);".
>
> But it is always showing extension field of the x509 cert_info as NULL.
>
> Please confirm whether my steps are right in reading subjectAltName?
>
> Or please share me the right way to do it.
>

Reading subject alt name or any other extension can be done using
X509_get_ext_d2i() rather than accessing the X509 structure directly.

If the extensions field is really NULL then the certificate doesn't contain
any extensions which suggests it has been incorrectly generated.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
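
A check for the second point in the reply above, as an added example that is not part of the original thread: before debugging the X509_get_ext_d2i() call, confirm that the certificate itself carries subjectAltName. The config section `san_ext`, the `example.test` names and the self-signed throwaway certificates (standing in for a CA-issued client certificate) are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Every name here (example.test, san_ext, demo.*) is constructed.

# Write a throwaway self-signed certificate to $1. $2 names the config
# section holding the extensions; pass "" to issue without that section.
make_cert() {
    out=$1; ext=$2; dir=$(dirname "$out")
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = client.example.test
[san_ext]
subjectAltName = DNS:client.example.test, email:client@example.test
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/demo.cnf" ${ext:+-extensions "$ext"} \
        -keyout "$dir/demo.key" -out "$out" 2>/dev/null
}

# Succeed only if the PEM certificate $1 carries a subjectAltName extension.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'X509v3 Subject Alternative Name'
}

# Print the subjectAltName values of certificate $1 (nothing if absent).
cert_san_values() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n '/X509v3 Subject Alternative Name/{n;s/^ *//;p;}'
}

tmp=$(mktemp -d)
make_cert "$tmp/with_san.pem" san_ext
make_cert "$tmp/without_san.pem" ""
for cert in "$tmp/with_san.pem" "$tmp/without_san.pem"; do
    if cert_has_san "$cert"; then
        echo "$(basename "$cert"): $(cert_san_values "$cert")"
    else
        echo "$(basename "$cert"): no subjectAltName extension"
    fi
done
rm -rf "$tmp"
```

The section in the config file only reaches the certificate when the issuing command names it, which is why the second certificate comes out without the extension.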