Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OpenSSL Get Subject Alternative Name from certificate

I'm developing an iOS app that will need to read Subject Alternative Name from an certificate (.pfx).

Security.framework doesn't have a way to get this information, so you I'm using OpenSSL(openssl-1.0.1e)

To read Subject Name I'm using X509_get_subject_name(certificate) and for Issuer I'm using X509_get_issuer_name(certificate) and is working.

The problem is the Subject Alternative Name. I can't find any function to return this information.

Is it possible using OpenSSL to get the Subject Alternative Name? How?

Edit:

I imported the certificate into MAC keychain. On Subject Alternative Name I see NT Principal Name and RFC 822 Name.

I tried this but it is returning NULL:

GENERAL_NAME *name = (GENERAL_NAME*)X509_get_ext_d2i(cert,NID_subject_alt_name, NULL, NULL)

I'm reading certificate with this:

X509 *cert;
CFDataRef der = SecCertificateCopyData(certificate);
const unsigned char * ptr = CFDataGetBytePtr(der);
int len = CFDataGetLength(der);
d2i_X509(&cert,&ptr,len);
like image 583
António Avatar asked Mar 11 '13 16:03

António


People also ask

How do I get Subject Alternative Name certificate?

The Subject Alternative Name (SAN) is an extension to the X. 509 specification that allows users to specify additional host names for a single SSL certificate. The use of the SAN extension is standard practice for SSL certificates, and it's on its way to replacing the use of the common name.


1 Answers

You can get the x509 subject alternative name by using X509_get_ext_by_NID() then X509_get_ext() :

int loc = X509_get_ext_by_NID(X509 *, NID_subject_alt_name, -1);

if (loc >= 0) {
  X509_EXTENSION * ext = X509_get_ext(X509 *, loc);

then you have to parse the extension using sk_GENERAL_NAME_num() and sk_GENERAL_NAME_value(), or X509_get_ext_d2i().

like image 106
Remi Gacogne Avatar answered Nov 05 '22 01:11

Remi Gacogne