> On Jul 23, 2021, at 8:52 AM, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote: > >> On 23 Jul 2021, at 2:57 am, David von Oheimb <dev@xxxxxxxx> wrote: >> >> What I use is >> >> X509_NAME *nname = parse_name(string, MBSTRING_ASC, 1, desc); >> >> which is not an official API function but defined in apps/lib/apps.c: >> >> /* >> * name is expected to be in the format /type0=value0/type1=value1/type2=... >> * where + can be used instead of / to form multi-valued RDNs if canmulti >> * and characters may be escaped by \ >> */ >> X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char *desc) >> >> Would be good to have such a function as part of the X.509 API. > > Note that the "/"-separated form is not the output format of the issuer or > subject names in X509_NAME_oneline(3), x509(1), ... So a public API for > that format may not be a good idea. Perhaps there could be parsers for > the "rfc2253", "rfc2254" and "oneline" formats (or a single parser with > flags to select the format). > > -- > Viktor. > And "rfc4514"... yeah, that would work too. -Philip
