Hi Karl, I believe it could be helpful to have a look at the 509_check_host() and do_x509_check() source code in crypto\x509v3\v3_utl.c. Also, if you want to parse the SAN just for certificate validation, it is now easier to use : https://www.openssl.org/docs/manmaster/crypto/X509_VERIFY_PARAM_set_flags.html Hope this helps, Regards, Michel. De : openssl-users [mailto:openssl-users-bounces at openssl.org] De la part de Karl Denninger Envoy? : lundi 11 janvier 2016 04:08 ? : openssl-users at openssl.org Objet : Re: [openssl-users] (Probably) Silly Application Programming Question Yeah, now I just have to figure out how to parse the X509 Extension data from the certificate to pull out the SubjectAltName information.... :-) There wouldn't be a snippet of code laying around somewhere that does that given a X509 cert as input would there? It looks a bit arcane.... -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160113/5b542f10/attachment-0001.html>