On Wed, Sep 22, 2010 at 02:40:26PM +0530, Naveen B.N wrote:
> Hello,
> I am using Linux.
> I am trying to print the subjectAltName present in the certificate, but
> I am seeing a crash in /lib/libcrypto.so.6
> core was generated by `./a.out'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
> (gdb) bt
> #0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
> #1 0x0593a786 in X509v3_get_ext_by_OBJ () from /lib/libcrypto.so.6
> #2 0x0593a7ce in X509v3_get_ext_by_NID () from /lib/libcrypto.so.6
> #3 0x08048870 in find_root_cert (in=0x9445a72 "", len=1002) at find_root.c:37
> #4 0x080489af in main () at find_root.c:65
>
> Help me to solve this issue. Please guide, if any other alternative to
> method to achieve the same
> Please find the code used below.

First hint: look at the warnings issued by the compiler.
They usually indicate you are doing something wrong.

>
> Thanks and Regards
> Naveen
>
> /************ Start code ***************/
> int find_root_cert(char *in,int len)
> {
>     X509 *cert1=NULL;
>     X509_NAME *name;
>     char *buffer;
>     X509_EXTENSION *ext=NULL;
>     char *test;
>     int pos=0,nid;
>
>     cert1=d2i_X509(NULL,&in,len);
>     printf("\n cert=%x ", cert1);
>     name=X509_get_subject_name(cert1);
>     buffer=X509_NAME_oneline(name, 0, 0);
>     if(strstr(buffer,"CN=kdc.globaledgesoft.com")==NULL)
>         return -1;
>     else
>     {
*        nid=OBJ_sn2nid("subjectAltName");
>         pos=X509v3_get_ext_by_NID (cert1,OBJ_sn2nid("subjectAltName"), -1);

/* no need to translate constant string ("subjectAltName") to NID
   Use the nid constant directly: NID_subject_alt_name
   X509v3_get_ext_by_NID() expects a pointer to extensions
   X509_get_ext_by_NID() expects a cert as first argument
 */
pos=X509_get_ext_by_NID (cert1, NID_subject_alt_name, -1);
/* need to check for existence of subjectAltName */
if (pos == -1) ERROR();

>         ext=X509v3_get_ext(cert1,pos);

Same as above: use X509_get_ext() instead.
The compiler told you about incompatible pointer types. Don't ignore it.

>         if(ext!=NULL){
>             test=d2i_ASN1_IA5STRING(&ext->value->data,NULL,0);

It is not that easy....
The subaltname is tagged as otherName in the kdc.cer
You need to parse the othername, which contains the OID 1.3.6.1.5.2.2
which indicates a DER encoded KRB5PrincipalName
search Google for the OID

Cheers
Christian
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
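
The otherName parsing described at the end of the reply, as an added example that is not part of the original thread: a bounds-checked DER walk in plain C (no OpenSSL calls) over the subjectAltName value that returns the embedded KRB5PrincipalName. The names der_next, find_krb5_san, KRB5_SAN_OID and SAMPLE_SAN are hypothetical, the sample bytes are constructed, and the extension contents are assumed to have already been extracted from the certificate.

```c
#include <stddef.h>
#include <string.h>
/* OID 1.3.6.1.5.2.2 as DER content octets */
static const unsigned char KRB5_SAN_OID[] = {0x2B, 0x06, 0x01, 0x05, 0x02, 0x02};
/* Constructed sample: dNSName "kdc", then otherName with realm "EX.COM", name "kdc" */
static const unsigned char SAMPLE_SAN[] = {
    0x30, 0x2F, 0x82, 0x03, 'k', 'd', 'c',
    0xA0, 0x28, 0x06, 0x06, 0x2B, 0x06, 0x01, 0x05, 0x02, 0x02, 0xA0, 0x1E,
    0x30, 0x1C, 0xA0, 0x08, 0x1B, 0x06, 'E', 'X', '.', 'C', 'O', 'M',
    0xA1, 0x10, 0x30, 0x0E, 0xA0, 0x03, 0x02, 0x01, 0x01,
    0xA1, 0x07, 0x30, 0x05, 0x1B, 0x03, 'k', 'd', 'c'};

/* Read one DER TLV from [*p, end) and advance *p; -1 if truncated or overlong. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    unsigned char *tag, const unsigned char **val, size_t *len)
{
    const unsigned char *q = *p;
    size_t l, n;
    if (end - q < 2 || (q[0] & 0x1F) == 0x1F) return -1; /* no multi-byte tags */
    *tag = *q++; l = *q++;
    if (l & 0x80) {                        /* long-form length */
        n = l & 0x7F;
        if (n == 0 || n > sizeof l || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;  /* content must fit in the buffer */
    *val = q; *len = l; *p = q + l;
    return 0;
}

/* san: DER GeneralNames. Returns 1 with out = KRB5PrincipalName, 0 absent, -1 bad. */
int find_krb5_san(const unsigned char *san, size_t san_len,
                  const unsigned char **out, size_t *out_len)
{
    const unsigned char *p = san, *names, *gn, *v, *gn_end;
    size_t l;
    unsigned char tag;
    if (der_next(&p, san + san_len, &tag, &names, &l) || tag != 0x30) return -1;
    for (p = names, names += l; p < names; ) {
        if (der_next(&p, names, &tag, &gn, &l)) return -1;
        if (tag != 0xA0) continue;         /* skip anything but otherName [0] */
        gn_end = gn + l;
        if (der_next(&gn, gn_end, &tag, &v, &l) || tag != 0x06) return -1;
        if (l != sizeof KRB5_SAN_OID || memcmp(v, KRB5_SAN_OID, l)) continue;
        if (der_next(&gn, gn_end, &tag, out, out_len) || tag != 0xA0) return -1;
        return 1;                          /* out = contents of value [0] EXPLICIT */
    }
    return 0;
}
```
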