Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to retrieve issuer alternative name for ssl certificate by openssl

Tags:

c

ssl

openssl

I can get the subject alternative name like 

 X509_NAME_get_text_by_NID(X509_get_subject_name(x), NID_subject_alt_name, hc->https_domain_name, 256)

With same method by changing 2. parameter to NID_issuer_alt_name I am expecting to get issuer name like; 

X509_NAME_get_text_by_NID(X509_get_subject_name(x), NID_issuer_alt_name, hc->https_ca_name, 256);

But instead I am getting a empty string . How can I retrieve issuer alternative name correctly?

like image 612
Kadir Erdem Demir Avatar asked Apr 08 '13 09:04

Kadir Erdem Demir

People also ask

What is CN name in certificate?

The Common Name (AKA CN) represents the server name protected by the SSL certificate. The certificate is valid only if the request hostname matches the certificate common name. Most web browsers display a warning message when connecting to an address that does not match the common name in the certificate.

1 Answers

You could try the following solution, as recommended in https://github.com/iSECPartners/ssl-conservatory :

static HostnameValidationResult matches_subject_alternative_name (const char *hostname, const X509 *server_cert) {
    HostnameValidationResult result = MatchNotFound;
    int i;
    int san_names_nb = -1;
    STACK_OF(GENERAL_NAME) *san_names = NULL;

    // Try to extract the names within the SAN extension from the certificate
    san_names = X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL);
    if (san_names == NULL) {
        return NoSANPresent;
    }
    san_names_nb = sk_GENERAL_NAME_num(san_names);

    // Check each name within the extension
    for (i=0; i<san_names_nb; i++) {
        const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);

        if (current_name->type == GEN_DNS) {
            // Current name is a DNS name, let's check it
            char *dns_name = (char *) ASN1_STRING_data(current_name->d.dNSName);

            // Make sure there isn't an embedded NUL character in the DNS name
            if (ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) {
                result = MalformedCertificate;
                break;
            }
            else { // Compare expected hostname with the DNS name
                if (strcasecmp(hostname, dns_name) == 0) {
                    result = MatchFound;
                    break;
                }
            }
        }
    }
    sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);

    return result;
}

Hope it helps !

like image 133
Paul Avatar answered Nov 11 '22 13:11

Paul
Sign in to Comment

Related questions

Why am I getting correct output even though the code is logically incorrect
Mid point in a link list in a single traversal?
Comparing speed of Haskell and C for the computation of primes
Type-qualifiers on function return type
maximum size of bss and data
How to use a spin lock if copy_to_user needs to be called?
Simple wire protocol, what's a guy to do?
Fastest way to find minimum distance of one point to points on a curve
Using global variables declared in C, in Arm assembly
Sorting in C: swapping pointers leads to unexpected results
How do I call an unmanaged function that has a char[] as OUT parameter from C#?
C: warning: excess elements in array initializer; near initialization for ‘xxx' ; expects ‘char *’, but has type ‘int’
Library that has reference to fork() in C
Is there a memcmp equivalent for comparing byte arrays in Mono?
What is the difference between .rodata and .rodata.str1.4 section in compiled output for string literals?
Why copy function arguments into local variables?
Reset the C/C++ preprocessor #line the physical file/line
Allocating a new call stack
Does valgrind memcheck support checking mmap
error In using math function in gcc?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!