On Mon, May 23, 2011, drachs wrote:

> I'm trying to parse a certificate for the DNS names of the site it's for.
> Unfortunately, all the examples I can find don't bother releasing any of the
> RAM they acquire! So I'm left trying to figure it out myself because I
> need to parse a few hundred of these a second. In addition, I can't seem
> to find any API documentation at all that mentions most of these functions.
> I've muddled my way through it, but I still have unreleased RAM in the cert
> itself. I assume something has set a reference count somewhere. Pointers
> to any good docs, or help with the code itself would be appreciated.

Once you have the X509 structure for the certificate, you call
X509_get_ext_d2i() to retrieve and parse the extension you are interested in.
In this case subject alt name.

You get back a STACK_OF(GENERAL_NAME) which you can then examine to look for
any DNS name entries. There will be sk_GENERAL_NAME_num() entries and you can
get each one with sk_GENERAL_NAME_value(). You can use
GENERAL_NAME_get0_value() to examine each entry. Once you've finished,
GENERAL_NAMES_free() will free them up.

There is an example using email address in crypto/x509v3/v3_utl.c

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org