Yeah, agreed, although I'd like the parser to work with the output of "openssl x509 ... -subject", i.e. RFC-4514 format, which is "CN=name, O=Acme Corporation, C=US" ... etc.

> On Jul 23, 2021, at 12:57 AM, David von Oheimb <dev@xxxxxxxx> wrote:
>
> What I use is
>
> X509_NAME *nname = parse_name(string, MBSTRING_ASC, 1, desc);
>
> which is not an official API function but defined in apps/lib/apps.c:
>
> /*
>  * name is expected to be in the format /type0=value0/type1=value1/type2=...
>  * where + can be used instead of / to form multi-valued RDNs if canmulti
>  * and characters may be escaped by \
>  */
> X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char *desc)
>
> Would be good to have such a function as part of the X.509 API.
>
> David
>
> On 23.07.21 07:49, Viktor Dukhovni wrote:
>>> On 22 Jul 2021, at 9:29 pm, Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx>
>>> wrote:
>>>
>>> I'm wondering what the function is that takes a string and returns X509_NAME with the attribute/value pairs of the parsed DN.
>>>
>> There is no such function in general, since there are many potential
>> string forms of X.509 names, not all of which are unambiguously
>> machine readable.
>>
>> There are various functions for augmenting a partially built name
>> with an attribute-value pair, but the parsing of a string into a list
>> of such attribute-value pairs is up to you. :-(
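
A stand-alone tokenizer for the `/type0=value0/type1=value1` format described in the quoted comment, added here as an example; it is not part of the thread and not OpenSSL's parse_name(). The names `struct ava` and `parse_dn` are hypothetical, and handling `\` escapes in values only is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define MAX_AVA 16
#define MAX_STR 128

/* One attribute-value pair; multi != 0: joined to the previous pair by '+'. */
struct ava { char type[MAX_STR]; char value[MAX_STR]; int multi; };

/* Parse "/type0=value0/type1=value1+type2=..." into out[].
 * Returns the number of pairs, or -1 on malformed or oversized input.
 * Assumption: '\' escapes are honoured in values only, not in type names. */
int parse_dn(const char *s, int canmulti, struct ava *out, int max)
{
    int n = 0, multi = 0;

    if (*s++ != '/') return -1;                 /* must start with '/' */
    while (*s) {
        size_t t = 0, v = 0;
        if (n == max) return -1;
        while (*s && *s != '=') {               /* attribute type */
            if (*s == '/' || *s == '+' || t + 1 >= MAX_STR) return -1;
            out[n].type[t++] = *s++;
        }
        if (*s++ != '=' || t == 0) return -1;   /* missing '=' or empty type */
        while (*s && *s != '/' && !(canmulti && *s == '+')) {
            if (*s == '\\' && *++s == '\0') return -1;  /* dangling escape */
            if (v + 1 >= MAX_STR) return -1;
            out[n].value[v++] = *s++;           /* escaped char taken literally */
        }
        out[n].type[t] = out[n].value[v] = '\0';
        out[n++].multi = multi;
        multi = (*s == '+');
        if (*s && *++s == '\0') return -1;      /* trailing separator */
    }
    return n;
}

int main(void)
{
    struct ava a[MAX_AVA];   /* constructed sample input below */
    int n = parse_dn("/C=US/O=Acme\\/Corp/CN=name+UID=42", 1, a, MAX_AVA);

    /* With OpenSSL, each pair would go to X509_NAME_add_entry_by_txt(),
     * passing set = -1 when multi is set and 0 otherwise. */
    for (int i = 0; i < n; i++)
        printf("%s%s = %s\n", a[i].multi ? "  + " : "", a[i].type, a[i].value);
    return n < 0;
}
```

Rejecting malformed input outright (dangling escape, missing `=`, trailing separator) keeps an ambiguous string from silently becoming a different name than the caller intended.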