[Help-gnutls] Verifying subjectAltNames
m at tthias.eu
Fri Jan 26 02:26:47 CET 2007
I am trying to find out how to verify subjectAltNames using GnuTLS. For
that I need to check the id-on-xmppAddr as a UTF8String inside an
otherName entity which again is inside this subjectAltName extension.
(This is needed by a server implementation of RFC 3920 which I am
porting from OpenSSL to GnuTLS.)

I first tried to do this using gnutls_x509_crt_get_subject_alt_name() as
the comments on this function tell:
"GNUTLS will return the Alternative name (126.96.36.199), or a negative error

This does not seem to be true, as this function does not return complete
subjectAltName data, but only parts of it (the hostname). When trying to
read id-on-xmppAddr data inside otherName, GnuTLS just returns an error.
I would highly recommend that the function description should be
adapted to note that this function cannot be used to access arbitrary

So I tried to use gnutls_x509_crt_get_extension_by_oid() which returns
me the subjectAltName extension, that contains what I am looking for.
The question now is: does GnuTLS support me processing the returned DER
data, or do I have to use libtasn for further processing?

Thank you for any feedback
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
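
The nesting described in the message above (UTF8String inside otherName inside subjectAltName), walked by hand as an added example; this is not code from the original post or from GnuTLS. It assumes the input buffer is the DER-encoded GeneralNames value of the extension, and `der_tlv`, `xmpp_addr_from_san` and `SAMPLE_SAN` are hypothetical names with constructed sample bytes.

```c
#include <string.h>

/* DER content bytes of OID 1.3.6.1.5.5.7.8.5 (id-on-xmppAddr, RFC 3920) */
static const unsigned char XMPP_OID[] = {0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x05};

/* Constructed sample: GeneralNames { otherName xmppAddr, dNSName } */
static const unsigned char SAMPLE_SAN[] = {
    0x30,0x35, 0xA0,0x23, 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x05,
    0xA0,0x17, 0x0C,0x15, 'j','u','l','i','e','t','@','i','m','.','e','x','a',
    'm','p','l','e','.','c','o','m',
    0x82,0x0E, 'i','m','.','e','x','a','m','p','l','e','.','c','o','m' };

/* Read one TLV header; on success *p points at a value that fits before end. */
static int der_tlv(const unsigned char **p, const unsigned char *end,
                   unsigned char *tag, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    size_t l = *q++;
    if (l & 0x80) {                         /* long-form length */
        size_t n = l & 0x7F;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (l = 0; n--; ) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;   /* value would overrun the buffer */
    *p = q; *len = l;
    return 0;
}

/* Copy the first xmppAddr into out. Returns its length, 0 if absent, -1 on error. */
int xmpp_addr_from_san(const unsigned char *der, size_t n, char *out, size_t outsz) {
    const unsigned char *p = der, *end = der + n, *q, *qend = der;
    unsigned char tag; size_t len;
    if (der_tlv(&p, end, &tag, &len) || tag != 0x30) return -1;  /* SEQUENCE */
    for (end = p + len; p < end; p = qend) {       /* one GeneralName per pass */
        if (der_tlv(&p, end, &tag, &len)) return -1;
        q = p; qend = p + len;
        if (tag != 0xA0) continue;                 /* not otherName [0] */
        if (der_tlv(&q, qend, &tag, &len) || tag != 0x06) return -1;  /* type-id */
        if (len != sizeof XMPP_OID || memcmp(q, XMPP_OID, len)) continue;
        q += len;
        if (der_tlv(&q, qend, &tag, &len) || tag != 0xA0) return -1;  /* [0] EXPLICIT */
        if (der_tlv(&q, q + len, &tag, &len) || tag != 0x0C) return -1; /* UTF8String */
        if (len == 0 || len >= outsz || memchr(q, 0, len)) return -1; /* embedded NUL */
        memcpy(out, q, len); out[len] = '\0';
        return (int)len;
    }
    return 0;
}
```

The embedded-NUL check matters when the result is later compared as a C string: a value that contains a zero byte would otherwise compare equal to a shorter address.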