Hi Hal, Might be simpler to use the 'X509_VERIFY_PARAM...' interface. Did you see : https://www.openssl.org/docs/man1.1.1/man3/X509_VERIFY_PARAM_set1_host.html Hope it helps, Regards, Michel. -----Message d'origine----- De : openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] De la part de Hal Murray Envoyé : samedi 16 avril 2022 22:19 À : openssl-users@xxxxxxxxxxx Objet : How does a client get the server's SAN/DNS strings I can get the subject and issuer with X509_get_subject_name and X509_get_issuer_name I'm looking for something similar to get the SAN/DNS strings used to verify that this certificate is valid for the hostname provided via SSL_set1_host Any API will be slightly complicated since there may be more than one SAN/DNS string. -- These are my opinions. I hate spam.
