Thanks for the reply.

Is there somewhere I can look at the correct code to check the DNS name
in a subjectAltName?

--
Doug Sauder

"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote on 03/11/2005, 01:32:29 PM:
> On Fri, Mar 11, 2005, [EMAIL PROTECTED] wrote:
> 
> > 
> > Looking at the OpenSSL source code, I believe that the caller must free 
> > the struct that X509_get_ext_d2i returns.  What function should I call 
> > to free the returned struct?
> > 
> > My code looks like this:
> > 
> >     X509_EXTENSION* ext = 0;
> >     X509V3_EXT_METHOD* method = 0;
> >     void* entries = 0;
> >     int idx = -1;
> >     int nid = NID_subject_alt_name;
> >     idx = X509_get_ext_by_NID(cert, nid, idx);
> >     if (idx >= 0) {
> >         ext = X509_get_ext(cert, idx);
> >         if (ext) {
> >             method = X509V3_EXT_get(ext);
> >         }
> >     }
> >     entries = X509_get_ext_d2i(cert, nid, 0, 0);
> >     if (method && entries) {
> >         STACK_OF(CONF_VALUE)* val = method->i2v(method, entries, 0);
> >         for (int j = 0; j < sk_CONF_VALUE_num(val); ++j) {
> >             CONF_VALUE* nval = sk_CONF_VALUE_value(val, j);
> >             if (strcmpi_(nval->name, "DNS") == 0) {
> >                 retVal = -2;
> >                 if (strcmpi_(nval->value, aServerName) == 0) {
> >                     retVal = 0;
> >                     break;
> >                 }
> >             }
> >         }
> >     }
> > 
> > Also, do I need to free the result from method->i2v?  If so, how?
> > 
> 
> Don't do things that way. It uses extension method structure internals and is
> likely to cause problems if the underlying structures change.
> 
> The value returned by X509_get_ext_d2i() depends on the extension being used.
> 
> In the case of subject alt name it is a STACK_OF(GENERAL_NAME). If you check
> the definition of this structure in x509v3.h you can search it for a DNS name
> and examine the result in there.
> 
> When you've done that a call to:
> 
> sk_GENERAL_NAME_pop_free(gen_names, GENERAL_NAME_free);
> 
> will free it.
> 
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]