> X509* crt = /* how to get my X509 out of the SSL_CTX */

X509* cert = SSL_get_peer_certificate(ssl);
if(cert) { X509_free(cert); }

It's reference counted, so be sure to free it.

Jeff

On Tue, Feb 17, 2015 at 4:47 AM, Christian Parpart <trapni at gmail.com> wrote:
> Hey guys,
>
> I am rather new to OpenSSL development, but I'd like to integrate SSL
> communication in my little HTTP server.
> While this one is working so far, for SNI I actually need to read out the
> server certificate's DNS name extension and commonName subject.
>
> Currently I am doing something like:
>
> SSL_CTX* ctx = SSL_CTX_new(TLSv1_2_server_method());
> SSL_CTX_use_certificate_file(ctx, "/path/to/server1.crt", SSL_FILETYPE_PEM);
> SSL_CTX_use_PrivateKey_file(ctx, "/path/to/server1.key", SSL_FILETYPE_PEM);
>
> I need to somehow get a ptr to the X509 struct to do something like:
>
> X509* crt = /* how to get my X509 out of the SSL_CTX */
> STACK_OF(GENERAL_NAME)* altnames =
>     X509_get_ext_d2i(crt, NID_subject_alt_name, NULL, NULL);
> int numAltNames = sk_GENERAL_NAME_num(altnames);
>
> for (int i = 0; i < numAltNames; ++i) {
>     GENERAL_NAME* altname = sk_GENERAL_NAME_value(altnames, i);
>     if (altname->type == GEN_DNS) {
>         printf("found DNS-Name: %s\n", ASN1_STRING_data(altname->d.dNSName));
>     }
> }
> GENERAL_NAMES_free(altnames);
>
> in order to get the DNS alt-name at least.
> But how do I come from the SSL_CTX to my X509 struct, or how do I do it
> else?