I am trying to parse an x509v3 certificate. I've pieced together how to get all of the parts I need except the URI field in the subject alternative name. I have the following code. When I change my subject alt name fields around in the config file I use to create my test certs, I see the appropriate changes to the count, SA, and Type output, so it appears to be reading in the right area for SA URIs. However, my SA output always comes out as "1", so it does not appear to be the right struct member, as I have a name in my URI field.
From the cert text output (via the openssl command):

    X509v3 Subject Alternative Name:
        URI:ThisIsTheUri, email:[email protected]

The Code:

    GENERAL_NAMES* subjectAltNames =
        (GENERAL_NAMES*)X509_get_ext_d2i(&certificate, NID_subject_alt_name, NULL, NULL);
    boost::int32_t altNameCount = sk_GENERAL_NAME_num(subjectAltNames);
    std::cout << "Alt Name Count: " << altNameCount << "." << std::endl;
    for (boost::int32_t i = 0; i < altNameCount; ++i)
    {
        GENERAL_NAME* generalName = sk_GENERAL_NAME_value(subjectAltNames, i);
        if (generalName->type == GEN_URI)
        {
            subjectAltName = std::string(reinterpret_cast<char*>(generalName->d.ia5->data));
            // subjectAltName should be "ThisIsTheUri", but is "1".
            std::cout << "SA: '" << subjectAltName << "'." << std::endl;
        }
        else
        {
            std::cout << "Type: '" << generalName->type << "'." << std::endl;
        }
    }

The trick is to use ASN1_STRING_data() and ASN1_STRING_length() to extract the ia5 string:

    std::string(reinterpret_cast<char*>(ASN1_STRING_data(generalName->d.uniformResourceIdentifier)),
                ASN1_STRING_length(generalName->d.uniformResourceIdentifier));
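
Why the length matters, as an added example that is not part of the original answer and not OpenSSL code: in the DER encoding a SAN URI is a length-prefixed IA5String with no terminating NUL, so it has to be copied by pointer plus length. This stand-alone walker goes beyond the single OpenSSL call to show that encoding and to reject a URI containing an embedded NUL; the function names and the sample e-mail address are constructed for illustration.

```cpp
#include <cstdint>
#include <string>
#include <vector>

typedef std::vector<std::uint8_t> Bytes;
const std::uint8_t kTagUri = 0x86;  // [6] IMPLICIT IA5String: uniformResourceIdentifier (RFC 5280)

// Read a DER length at buf[pos] and advance pos; false on truncated or malformed input.
static bool readLength(const Bytes& buf, std::size_t& pos, std::size_t& len)
{
    if (pos >= buf.size()) return false;
    std::uint8_t first = buf[pos++];
    if (first < 0x80) { len = first; return true; }      // short form
    std::size_t n = first & 0x7F;                        // long form: n length octets follow
    if (n == 0 || n > sizeof(std::size_t) || buf.size() - pos < n) return false;
    for (len = 0; n > 0; --n) len = (len << 8) | buf[pos++];
    return true;
}

// Walk a DER-encoded GeneralNames SEQUENCE and collect every URI entry.
// Returns false if the encoding is malformed or a URI holds a NUL or non-IA5 byte.
bool extractSanUris(const Bytes& der, std::vector<std::string>& uris)
{
    std::size_t pos = 1, seqLen = 0;
    uris.clear();
    if (der.empty() || der[0] != 0x30) return false;     // must start with SEQUENCE
    if (!readLength(der, pos, seqLen) || seqLen != der.size() - pos) return false;
    while (pos < der.size()) {
        std::uint8_t tag = der[pos++];
        std::size_t len = 0;
        if (!readLength(der, pos, len) || len > der.size() - pos) return false;
        if (tag == kTagUri) {
            // Validate, then copy with pointer + explicit length (no NUL terminator exists).
            for (std::size_t i = 0; i < len; ++i)
                if (der[pos + i] == 0 || der[pos + i] > 0x7F) return false;
            uris.push_back(std::string(reinterpret_cast<const char*>(der.data() + pos), len));
        }
        pos += len;
    }
    return true;
}

// Constructed sample: GeneralNames { URI:ThisIsTheUri, email:user@example.com }.
Bytes sampleSan()
{
    const std::string s = "\x30\x20\x86\x0C" "ThisIsTheUri" "\x81\x10" "user@example.com";
    return Bytes(s.begin(), s.end());
}
```

The same two checks (use the reported length, refuse embedded NULs) apply to the bytes returned for `generalName->d.uniformResourceIdentifier` before the value is compared against anything.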