1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
#include <stddef.h>
#include <stdio.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
int main()
{
FILE *fp = fopen("testdata/www-fehcom-net.pem", "r");
if (!fp) {
fprintf(stderr, "Unable to open certificate file\n");
return 1;
}
X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
if (!cert) {
fprintf(stderr, "Unable to parse certificate\n");
return 1;
}
fclose(fp);
GENERAL_NAMES *san = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (!san) {
fprintf(stderr, "No Subject Alternative Names found\n");
return 1;
}
int num_sans = sk_GENERAL_NAME_num(san);
for (int i = 0; i < num_sans; i++) {
const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san, i);
switch (current_name->type) {
case GEN_DNS:
// these are alternative host names
printf("DNS: %s\n", ASN1_STRING_get0_data(current_name->d.dNSName));
break;
case GEN_EMAIL:
printf("Email: %s\n", ASN1_STRING_get0_data(current_name->d.rfc822Name));
break;
case GEN_URI:
printf("URI: %s\n", ASN1_STRING_get0_data(current_name->d.uniformResourceIdentifier));
break;
case GEN_IPADD:
int len = ASN1_STRING_length(current_name->d.iPAddress);
if (len != 4) {
fprintf(stderr, "Length mismatch in ip\n");
return 1;
}
const unsigned char *data = ASN1_STRING_get0_data(current_name->d.iPAddress);
printf("IP Address: %d.%d.%d.%d\n", data[0], data[1], data[2], data[3]);
break;
// Add more types if needed
}
}
GENERAL_NAMES_free(san);
X509_free(cert);
return EXIT_SUCCESS;
}
|
