Thanks for the reply. Is there somewhere I can look at the correct code to check the DNS name in a subjectAltName?
-- Doug Sauder

"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote on 03/11/2005, 01:32:29 PM:
> On Fri, Mar 11, 2005, [EMAIL PROTECTED] wrote:
>
> >
> > Looking at the OpenSSL source code, I believe that the caller must free
> > the struct that X509_get_ext_d2i returns. What function should I call
> > to free the returned struct?
> >
> > My code looks like this:
> >
> >     X509_EXTENSION* ext = 0;
> >     X509V3_EXT_METHOD* method = 0;
> >     void* entries = 0;
> >     int idx = -1;
> >     int nid = NID_subject_alt_name;
> >     idx = X509_get_ext_by_NID(cert, nid, idx);
> >     if (idx >= 0) {
> >         ext = X509_get_ext(cert, idx);
> >         if (ext) {
> >             method = X509V3_EXT_get(ext);
> >         }
> >     }
> >     entries = X509_get_ext_d2i(cert, nid, 0, 0);
> >     if (method && entries) {
> >         STACK_OF(CONF_VALUE)* val = method->i2v(method, entries, 0);
> >         for (int j = 0; j < sk_CONF_VALUE_num(val); ++j) {
> >             CONF_VALUE* nval = sk_CONF_VALUE_value(val, j);
> >             if (strcmpi_(nval->name, "DNS") == 0) {
> >                 retVal = -2;
> >                 if (strcmpi_(nval->value, aServerName) == 0) {
> >                     retVal = 0;
> >                     break;
> >                 }
> >             }
> >         }
> >     }
> >
> > Also, do I need to free the result from method->i2v? If so, how?
> >
>
> Don't do things that way. It uses extension method structure internals and is
> likely to cause problems if the underlying structures change.
>
> The value returned by X509_get_ext_d2i() depends on the extension being used.
>
> In the case of subject alt name it is a STACK_OF(GENERAL_NAME). If you check
> the definition of this structure in x509v3.h you can search it for a DNS name
> and examine the result in there.
>
> When you've done that a call to:
>
> sk_GENERAL_NAME_pop_free(gen_names, GENERAL_NAME_free);
>
> will free it.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]