Extracting all values of a subject attribute in a certificate

Question

I'm currently using CertGetNameString to extract the values for each subject attribute like so:

CertGetNameString(pCertificate,
                  CERT_NAME_ATTR_TYPE,
                  0,
                  szOID_ORGANIZATIONAL_UNIT_NAME,
                  buf,
                  _countof(buf));

However some certificates I've found have multiple values for the organizational unit name (OU) and CertGetNameString can only read the first. For instance this is the subject of an Adobe certificate:

CN = Adobe Systems, Incorporated
OU = Acrobat Engineering
OU = Digital ID Class 3 - Microsoft Software Validation v2
O = Adobe Systems, Incorporated
L = San Jose
S = California
C = US

How can I read all values for the OU (and other) attribute(s) using CryptoAPI?

Answer 1

Ok, found the solution. The correct API to use is CertNameToStr, like so:

    CertNameToStr(X509_ASN_ENCODING,
                  &pCertificate->pCertInfo->Subject,
                  CERT_X500_NAME_STR,
                  buf,
                  _countof(buf));

It will return a string such as:

C=US, S=California, L=San Jose, O="Adobe Systems, Incorporated", OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Acrobat Engineering, CN="Adobe Systems, Incorporated"

Which can then be parsed if individual attribute values are required.