need function to retrieve subject alternative names

Bug #324857 reported by Ludwig Nussel on 2009-02-03
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released

Bug Description

A function to retrieve a certificate's subject alternative names is
missing. That's needed for any client that wants to implement proper
certificate checks though.

The attached patch adds the function crypto.get_subjectAltNames()
for that purpose.

Ludwig Nussel (l-n) wrote :
Jean-Paul Calderone (exarkun) wrote :

Hi Ludwig,

Thanks for the patch. This looks like it may overlap with the work that Roland Hedberg did in the lp:~roland-hedberg/pyopenssl/devel branch. Unfortunately it seems a ticket was never opened to correspond to that work. Can you compare what's there with what you've written?

Ludwig Nussel (l-n) wrote :

AFAICS the only overlap in Roland's code is the function
get_subjectaltname_of_type() where one can retrieve a list of
subjaltnames of a given type. The function I proposed just returns a
list of all types. I can't judge what's the more useful API. Wrt
completeness his function lacks support for the ipaddress type which
is mandatory for certificate checks.

Christopher (captain-c) wrote :

With pyopenssl 0.10 and openssl 0.9.8.g on Ubuntu Karmic, I cannot retrieve extensions, and thus subjectAltName, from a certificate request object. When I output the request object as text, it clearly shows a Requested Extensions section.

Jean-Paul Calderone (exarkun) wrote :

Merged the subjectAltName branch. This exposes extensions on certificates (not on certificate requests).

Changed in pyopenssl:
status: New → Fix Committed
Changed in pyopenssl:
status: Fix Committed → Fix Released
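
Added example, not part of the thread and not pyOpenSSL code: a client-side check that decodes the DER value of a subjectAltName extension and compares the peer against entries of the matching type, covering both the DNS and IP address types discussed above. The names `parse_general_names`, `san_matches` and `SAMPLE_SAN` are hypothetical, and the code assumes the raw extension value bytes have already been obtained from the certificate.

```python
import ipaddress
DNS_NAME, IP_ADDRESS = 0x82, 0x87  # GeneralName tags [2] dNSName, [7] iPAddress

def _read_len(buf, i):
    """Decode the DER length at buf[i]; return (length, index of content)."""
    if i >= len(buf):
        raise ValueError("truncated DER")
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def parse_general_names(der):
    """Return [(type, value)] for the dNSName and iPAddress entries of a
    DER-encoded GeneralNames value (the body of a subjectAltName extension)."""
    if not der or der[0] != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    length, i = _read_len(der, 1)
    end = i + length
    if end != len(der):
        raise ValueError("SEQUENCE length does not match input")
    names = []
    while i < end:
        tag = der[i]
        length, start = _read_len(der, i + 1)
        i = start + length
        if i > end:
            raise ValueError("entry overruns SEQUENCE")
        value = der[start:i]
        if tag == DNS_NAME:
            names.append(("DNS", value.decode("ascii")))
        elif tag == IP_ADDRESS and len(value) in (4, 16):
            names.append(("IP", str(ipaddress.ip_address(value))))
        # every other GeneralName type is skipped, never treated as a host name
    return names

def san_matches(names, peer):
    """Exact match of peer against entries of its own type (no wildcards)."""
    try:
        wanted = ("IP", str(ipaddress.ip_address(peer)))
    except ValueError:
        wanted = ("DNS", peer.lower())
    return wanted in [(t, v.lower()) for t, v in names]

# Constructed sample: dNSName "example.com" plus iPAddress 192.0.2.1
SAMPLE_SAN = b"\x30\x13" b"\x82\x0bexample.com" b"\x87\x04\xc0\x00\x02\x01"
```

Because the comparison is keyed on the entry type, a dNSName whose text happens to look like an IP address does not satisfy a connection made to that address.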