I'm developing an iOS app that will need to read the Subject Alternative Name from a certificate (.pfx).
Security.framework doesn't have a way to get this information, so I'm using OpenSSL (openssl-1.0.1e).
To read the Subject Name I'm using X509_get_subject_name(certificate) and for the Issuer I'm using X509_get_issuer_name(certificate), and that is working.
The problem is the Subject Alternative Name. I can't find any function to return this information.
Is it possible using OpenSSL to get the Subject Alternative Name? How?
Edit:
I imported the certificate into the Mac keychain. Under Subject Alternative Name I see NT Principal Name and RFC 822 Name.
I tried this but it is returning NULL:
GENERAL_NAME *name = (GENERAL_NAME*)X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
I'm reading the certificate with this:
/* must start as NULL: d2i_X509() tries to reuse a non-NULL *px */
X509 *cert = NULL;
CFDataRef der = SecCertificateCopyData(certificate);
const unsigned char *ptr = CFDataGetBytePtr(der);
long len = CFDataGetLength(der);
d2i_X509(&cert, &ptr, len);
The Subject Alternative Name (SAN) is an extension to the X.509 specification that allows users to specify additional host names for a single SSL certificate. The use of the SAN extension is standard practice for SSL certificates, and it's on its way to replacing the use of the common name.
You can get the X.509 subject alternative name by using X509_get_ext_by_NID() then X509_get_ext():
/* cert is the X509 * you already decoded */
int loc = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
if (loc >= 0) {
    X509_EXTENSION *ext = X509_get_ext(cert, loc);
    /* parse ext here */
}
Then you have to parse the extension using sk_GENERAL_NAME_num() and sk_GENERAL_NAME_value(), or X509_get_ext_d2i().
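What that parsing step has to deal with, as an added example (not code from the question or the answer, and not OpenSSL's implementation): a dependency-free C decoder for the DER GeneralNames value carried in the subjectAltName extension, covering the two entry types the question mentions, RFC 822 Name and NT Principal Name (an otherName with the Microsoft UPN OID). The names `san_get` and `der_tlv` and the sample bytes are constructed for illustration.

```c
#include <string.h>
enum { SAN_UPN = 0xA0, SAN_EMAIL = 0x81, SAN_DNS = 0x82 }; /* GeneralName tags */
/* 1.3.6.1.4.1.311.20.2.3, the Microsoft UPN ("NT Principal Name") otherName type */
static const unsigned char UPN_OID[] = {0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03};
/* Constructed sample: otherName UPN alice@corp.example + rfc822Name alice@example.com */
static const unsigned char SAMPLE_SAN[] =
    "\x30\x37\xA0\x22\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x03"
    "\xA0\x14\x0C\x12" "alice@corp.example" "\x81\x11" "alice@example.com";

/* Parse one DER header at p; return pointer to the value, or NULL if malformed. */
static const unsigned char *der_tlv(const unsigned char *p, const unsigned char *end,
                                    unsigned *tag, size_t *len) {
    if (end - p < 2) return NULL;
    *tag = *p++;
    size_t l = *p++;
    if (l & 0x80) {                        /* long-form length, up to 2 bytes */
        size_t n = l & 0x7F;
        if (n == 0 || n > 2 || (size_t)(end - p) < n) return NULL;
        for (l = 0; n--; ) l = (l << 8) | *p++;
    }
    if ((size_t)(end - p) < l) return NULL; /* value must fit in the buffer */
    *len = l;
    return p;
}

/* Copy the first SAN entry of `kind` into out. 1 = found, 0 = absent, -1 = malformed. */
int san_get(const unsigned char *der, size_t n, unsigned kind, char *out, size_t outsz) {
    unsigned tag; size_t len;
    const unsigned char *p = der_tlv(der, der + n, &tag, &len);
    if (!p || tag != 0x30) return -1;      /* GeneralNames is a SEQUENCE */
    const unsigned char *end = p + len;
    while (p < end) {
        const unsigned char *v = der_tlv(p, end, &tag, &len);
        if (!v) return -1;
        p = v + len;                       /* p now points at the next GeneralName */
        if (tag != kind) continue;
        if (kind == SAN_UPN) {             /* otherName: OID, then [0] EXPLICIT UTF8String */
            const unsigned char *o = der_tlv(v, p, &tag, &len);
            if (!o) return -1;
            if (tag != 0x06 || len != sizeof UPN_OID || memcmp(o, UPN_OID, len)) continue;
            if (!(v = der_tlv(o + len, p, &tag, &len)) || tag != 0xA0) return -1;
            if (!(v = der_tlv(v, v + len, &tag, &len)) || tag != 0x0C) return -1;
        }
        if (len >= outsz || memchr(v, 0, len)) return -1; /* too long or embedded NUL */
        memcpy(out, v, len); out[len] = '\0';
        return 1;
    }
    return 0;
}
```

With OpenSSL, X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL) returns this same structure already decoded as a GENERAL_NAMES stack; the embedded-NUL rejection shown here is a check to keep when copying any name out of it as a C string.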