I found a solution. It's a clumsy one, but it works.

Well, I considered that a certificate is encoded in base64. So I removed
the 1st and last lines, and decoded it. Now we've got a lot of binary
information, but at least the info is there and readable, so we can search
for it.
I opened this data in a hex editor, and looked for my data. When I found it I
realized that a couple of bytes before it there was a part of my custom
OID number. I mean my OID number is 2.16.76.1.3.1, and I found the bytes
"4C 01 03 01" (0x4C=76) just 8 bytes before the data. So I made PHP search
the decoded document for these bytes and extract the information I need
positionally. I know it's clumsy, but it's the best I've got until now.
Here is the PHP code I used:

$cert = $_SERVER['SSL_CLIENT_CERT'];

// remove first and last lines (i.e. BEGIN/END CERTIFICATE)
$cert = preg_replace("/\n.*$/", "", preg_replace("/^.*\n/", "", $cert));

$cert_dec = base64_decode($cert);
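// find OID position; strpos() returns false when the bytes are absent
$oid_pos = strpos($cert_dec, pack("H*", "4C010301"));
if ($oid_pos === false) {
    die("custom OID not found in certificate");
}
$pos = $oid_pos + 8;

// extract custom data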
$birthdate = substr($cert_dec, $pos, 8);
$docnumber = substr($cert_dec, $pos + 8, 11);
echo $birthdate;
echo "<br>";
echo $docnumber;

If anyone has any solution better than this one I would be glad to know.

-Nelson

2011/11/24 Nelson Teixeira

> Hello,
>
>  I'm trying to read subjectAltName field from a client certificate with
>
> $x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
> $subjectAltName = $x509['extensions']['subjectAltName'];
>
> but the field contains " othername:, othername:, othername:," where the
> real data should be. There's valid data there because I can see it in
> Firefox's certificate view. I already have SSLOptions +StdEnvVars
> +ExportCertData configured in Apache. I can read correctly several other
> fields.
>
> How can I receive correctly from Apache and extract the real data?
>
> -Nelson
>
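
Added example, not part of the original messages or the poster's code: the positional search in the reply depends on fixed header sizes, so this code walks the DER structure instead and returns the value that follows the OID 2.16.76.1.3.1 inside the otherName. The function names and the sample bytes are constructed for illustration; the 8-byte birthdate and 11-byte document number layout is taken from the reply, and PHP 7.4 or later is assumed.

```php
<?php
// Read one DER TLV at $off: [tag, content offset, content length], or null if malformed.
function der_tlv(string $d, int $off): ?array {
    $n = strlen($d);
    if ($off + 2 > $n) return null;
    $tag = ord($d[$off]);
    $len = ord($d[$off + 1]);
    $off += 2;
    if (($tag & 0x1F) === 0x1F) return null;          // multi-byte tags: not handled here
    if ($len & 0x80) {                                // long form: low 7 bits = count of length bytes
        $k = $len & 0x7F;
        if ($k < 1 || $k > 4 || $off + $k > $n) return null;
        for ($len = 0; $k > 0; $k--) $len = ($len << 8) | ord($d[$off++]);
    }
    return ($off + $len <= $n) ? [$tag, $off, $len] : null;
}

// Walk the DER tree; return the value of the otherName whose type-id equals $oid (DER OID content bytes).
function find_othername(string $d, string $oid, int $depth = 0): ?string {
    if ($depth > 16) return null;                     // bound recursion on hostile input
    $prev = null;
    for ($off = 0; $off < strlen($d); $off = $start + $len) {
        $t = der_tlv($d, $off);
        if ($t === null) return null;
        [$tag, $start, $len] = $t;
        $body = substr($d, $start, $len);
        if ($prev === $oid && $tag === 0xA0) {        // value [0] EXPLICIT follows the type-id
            $inner = der_tlv($body, 0);
            return $inner ? substr($body, $inner[1], $inner[2]) : null;
        }
        $prev = ($tag === 0x06) ? $body : null;
        if (($tag & 0x20) || $tag === 0x04) {         // constructed, or OCTET STRING (extnValue wraps DER)
            $hit = find_othername($body, $oid, $depth + 1);
            if ($hit !== null) return $hit;
        }
    }
    return null;
}

// Constructed sample (not a real certificate): a subjectAltName extension with one otherName.
$tlv   = fn(int $tag, string $body): string => chr($tag) . chr(strlen($body)) . $body; // short lengths only
$oid   = "\x60\x4C\x01\x03\x01";                      // 2.16.76.1.3.1 (0x60 = 2*40 + 16)
$other = $tlv(0xA0, $tlv(0x06, $oid) . $tlv(0xA0, $tlv(0x04, "0101197012345678901")));
$ext   = $tlv(0x30, $tlv(0x06, "\x55\x1D\x11") . $tlv(0x04, $tlv(0x30, $other)));
// Real input: $ext = base64_decode(preg_replace('/-----[^-]+-----/', '', $_SERVER['SSL_CLIENT_CERT']));
$value = find_othername($ext, $oid);
if ($value === null || strlen($value) < 19) exit("otherName 2.16.76.1.3.1 not found\n");
echo substr($value, 0, 8), "\n", substr($value, 8, 11), "\n";   // birthdate, document number
```

Because the walker reads each length field instead of assuming an 8-byte gap, it still finds the value when the certificate uses long-form lengths or a different inner string type.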
