OpenSSL Get Alternate Object Name from Certificate

Question

OpenSSL Get Alternate Object Name from Certificate

I am developing an iOS application that will have to read the alternate name of the object from the certificate (.pfx).

Security.framework has no way to get this information, so I use OpenSSL (openssl-1.0.1e)

To read the Subject Name I use X509_get_subject_name (certificate), and for the Issuer I use X509_get_issuer_name (certificate) and it works.

The problem is the subject’s alternate name. I cannot find any function to return this information.

Is it possible to use OpenSSL to get an alternative subject name? How?

Edit:

I imported the certificate into the MAC keychain. For the subject alternative name, I see the name NT and the name RFC 822.

I tried this, but it returns NULL:

GENERAL_NAME *name = (GENERAL_NAME*)X509_get_ext_d2i(cert,NID_subject_alt_name, NULL, NULL)

I am reading a certificate with this:

X509 *cert;
CFDataRef der = SecCertificateCopyData(certificate);
const unsigned char * ptr = CFDataGetBytePtr(der);
int len = CFDataGetLength(der);
d2i_X509(&cert,&ptr,len);

+5

ios objective-c openssl x509certificate

Freedom 11 . '13 16:37

1

Remi Gacogne · Accepted Answer · 2013-03-12T10:53:12+0000

x509, X509_get_ext_by_NID(), X509_get_ext():

int loc = X509_get_ext_by_NID(X509 *, NID_subject_alt_name, -1);

if (loc >= 0) {
  X509_EXTENSION * ext = X509_get_ext(X509 *, loc);

sk_GENERAL_NAME_num() sk_GENERAL_NAME_value() X509_get_ext_d2i().

OpenSSL Get Alternate Object Name from Certificate

More articles: