[Help-gnutls] Verifying subjectAltNames

From: Matthias Wimmer
Subject: [Help-gnutls] Verifying subjectAltNames
Date: Fri, 26 Jan 2007 02:26:47 +0100
User-agent: Thunderbird (Windows/20061207)


I am trying to find out how to verify subjectAltNames using GnuTLS. For that I need to check the id-on-xmppAddr as a UTF8String inside an otherName entity which again is inside this subjectAltName extension. (This is needed by a server implementation of RFC 3920 which I am porting from OpenSSL to GnuTLS.)

I first tried to do this using gnutls_x509_crt_get_subject_alt_name(), as the comments on this function tell: "GNUTLS will return the Alternative name (, or a negative error code."

This does not seem to be true, as this function does not return complete subjectAltName data, but only parts of it (the hostname). When trying to read id-on-xmppAddr data inside otherName, GnuTLS just returns an error. I would highly recommend that the function description be adapted to note that this function cannot be used to access arbitrary subjectAltName extensions.

So I tried to use gnutls_x509_crt_get_extension_by_oid(), which returns me the subjectAltName extension that contains what I am looking for. The question now is: does GnuTLS support me in processing the returned DER data, or do I have to use libtasn for further processing?

Thank you for any feedback


Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München
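
As an added illustration of the otherName layout asked about above (not part of the original message, and not GnuTLS or libtasn code): a plain-C walk of a DER subjectAltName value that extracts the id-on-xmppAddr UTF8String. The names `tlv`, `san_xmpp_addr` and `SAMPLE_SAN`, the sample bytes, and the assumption that the buffer holds the bare GeneralNames SEQUENCE are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
/* DER content octets of OID 1.3.6.1.5.5.7.8.5 (id-on-xmppAddr). */
static const unsigned char XMPP_OID[] = {0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x05};
/* Constructed sample: dNSName "example.org" + otherName xmppAddr "example.org". */
static const unsigned char SAMPLE_SAN[] = {
    0x30,0x28, 0x82,0x0B,'e','x','a','m','p','l','e','.','o','r','g',
    0xA0,0x19, 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x05,
    0xA0,0x0D, 0x0C,0x0B,'e','x','a','m','p','l','e','.','o','r','g' };
/* Read one TLV from [*p, end); on success advance *p past it. */
static int tlv(const unsigned char **p, const unsigned char *end,
               unsigned *tag, const unsigned char **val, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++; size_t n = *q++;
    if (n & 0x80) {                  /* long form: low 7 bits count the length octets */
        size_t k = n & 0x7F;
        if (k == 0 || k > sizeof n || (size_t)(end - q) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;   /* value must fit in the buffer */
    *val = q; *len = n; *p = q + n; return 0;
}

/* First xmppAddr of a DER subjectAltName -> out. Returns length, 0 if none, -1 on error. */
int san_xmpp_addr(const unsigned char *der, size_t der_len, char *out, size_t out_sz) {
    const unsigned char *p = der, *end = der + der_len, *v, *o, *s, *e;
    size_t n, on, sn; unsigned t;
    if (tlv(&p, end, &t, &v, &n) || t != 0x30 || p != end) return -1; /* GeneralNames */
    for (p = v, end = v + n; p < end; ) {            /* each GeneralName */
        if (tlv(&p, end, &t, &v, &n)) return -1;
        if (t != 0xA0) continue;                     /* only otherName [0] IMPLICIT */
        e = v + n;
        if (tlv(&v, e, &t, &o, &on) || t != 0x06) return -1;           /* type-id OID */
        if (on != sizeof XMPP_OID || memcmp(o, XMPP_OID, on)) continue;
        if (tlv(&v, e, &t, &o, &on) || t != 0xA0 || v != e) return -1; /* value [0] EXPLICIT */
        e = o + on;
        if (tlv(&o, e, &t, &s, &sn) || t != 0x0C || o != e) return -1; /* UTF8String */
        if (sn >= out_sz || memchr(s, 0, sn)) return -1; /* too long, or embedded NUL */
        memcpy(out, s, sn); out[sn] = '\0'; return (int)sn;
    }
    return 0;
}

int main(void) {
    char jid[256];
    int r = san_xmpp_addr(SAMPLE_SAN, sizeof SAMPLE_SAN, jid, sizeof jid);
    printf("%d %s\n", r, r > 0 ? jid : "-"); return 0;
}
```

The walker does not enforce minimal DER length encoding, and it returns only the first xmppAddr; a verifier comparing against an expected address would loop over all of them.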
