1

I got a iOS application trying to retrieve SAN from a certificate with openSSL. I am stuck at the part that I can get the X509_Extension correctly(I can check the data in the X509_Extension and it contains the email address, mixed in a bunch of other data). I have no idea how to generally extract the email address from the X509_Extension.

Can anyone help? Thanks. Following are my code:

int loc = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
if (loc >= 0) {
    X509_EXTENSION * ext = X509_get_ext(cert, loc);
    //How to extract the email address from the ext?
}
Summer
  • 488
  • 4
  • 14

1 Answers1

1

Inspired by this thread I finally got it solved. FIY:

int loc = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);

if (loc >= 0) {

    X509_EXTENSION * ext = X509_get_ext(cert, loc);

    BUF_MEM *bptr = NULL;

    char *buf = NULL;

    BIO *bio = BIO_new(BIO_s_mem());

    if(!X509V3_EXT_print(bio, ext, 0, 0)){

        // error handling...

    }

    BIO_flush(bio);

    BIO_get_mem_ptr(bio, &bptr);



    // now bptr contains the strings of the key_usage, take

    // care that bptr->data is NOT NULL terminated, so

    // to print it well, let's do something..

    buf = (char *)malloc( (bptr->length + 1)*sizeof(char) );



    memcpy(buf, bptr->data, bptr->length);

    buf[bptr->length] = '\0';



    NSString *email = [NSString stringWithUTF8String:buf];

    NSRange r1 = [email rangeOfString:@"email:"];

    NSRange r2 = [email rangeOfString:@","];

    NSRange rSub = NSMakeRange(r1.location + r1.length, r2.location - r1.location - r1.length);

    NSString *email = [email substringWithRange:rSub];

}
Community
  • 1
  • 1
Summer
  • 488
  • 4
  • 14