[Net-ssleay-devel] Net::SSLeay::X509_get_subjectAltNames and signin.ebay.de

Mike McCauley mikem at open.com.au
Sat Jun 16 03:00:28 UTC 2007


On Saturday 16 June 2007 09:56, Achim Grolms wrote:
> Hello,
>
> trying to do some coding based on Net::SSLeay::X509_get_subjectAltNames
> I tried to use a publicly reachable server to do my tests.
> I've chosen signin.ebay.de:443 because the Firefox browser shows
> some subjectAltNames entries.
> (Is using signin.ebay.de:443 as a test peer the right choice?
> Is my assumption "has subjectAltNames" correct?)
>
> I expected that Net::SSLeay::X509_get_subjectAltNames returns these
> subjectAltNames in an array, but my example code gets an empty array.

I guess it's possible that the certificate has no subjectAltNames?

>
> find below
>
> 1. my example code and
> 2. output produced by that code.
>
> Can you point me in the direction of what I am doing wrong?

Here's some sample code I use in a verify function:

sub verifyFn
{
    my ($object, $x509_store_ctx) = @_;

    my $depth = Net::SSLeay::X509_STORE_CTX_get_error_depth($x509_store_ctx);
    if ($depth == 0)
    {
        # This is the peer certificate we need to check
        my $cert = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx);
        my $subject_name = &Net::SSLeay::X509_get_subject_name($cert);
        my $subject = &Net::SSLeay::X509_NAME_oneline($subject_name);

        if (exists &Net::SSLeay::X509_get_subjectAltNames)
        {
            # X509_get_subjectAltNames returns array of (type, string)
            # type == 2 is dnsname. Type 7 is IPADD, type 6 is URI.
            # For other types see openssl/x509v3.h GEN_*
            my @altnames = &Net::SSLeay::X509_get_subjectAltNames($cert);

            while (@altnames)
            {
                my ($type, $name) = splice(@altnames, 0, 2);
                ......


>
> #!/usr/bin/perl -w
>
> use strict;
> use Net::SSLeay 1.30 qw(sslcat);
>
> my $server =  'signin.ebay.de';
> my $port =   443;
>
> my ($page, $response, $server_cert) = sslcat ($server, $port, 'GET / HTTP/1.0');
>
> $server_cert || die "sslcat returned error: $response";
>
> my $x509_name = Net::SSLeay::X509_get_subject_name($server_cert);
> my $text = Net::SSLeay::X509_NAME_get_text_by_NID ($x509_name, 13 );
>
> print "Subject: " . Net::SSLeay::X509_NAME_oneline($x509_name) . "\n",
>       "CN: $text\n";
>
> my @altnames = Net::SSLeay::X509_get_subjectAltNames( $server_cert );
> print "\n count altnames: ", scalar(@altnames), "\n";
>
>
>
>
> The output of this testscript is
>
> achim at mjoelnir ~/sslx509 $ ./eule1.pl
> Subject: /serialNumber=2871352/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/C=US/postalCode=95125/ST=California/L=San Jose/streetAddress=2145 Hamilton Ave/O=eBay Inc./OU=Site Operations/CN=signin.ebay.com
> CN: signin.ebay.com
>
>  count altnames: 0
>
>
>
>
>
> I expected count altnames to be something > 0.
> Can you point me in the direction of what I am doing wrong?
>
> Thank you,
> Achim
>

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
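
Added example (not part of the mails above and not Net::SSLeay's own code): one way to walk the flat (type, value) list that the comment in verifyFn describes and to match a host name against its dNSName entries. The sample list is constructed, altname_pairs and host_matches_dns_altname are hypothetical helper names, and treating type 7 values as packed bytes is an assumption about the installed Net::SSLeay version.

```perl
use strict;
use warnings;
use Socket qw(inet_ntop AF_INET AF_INET6);

# GEN_* values from openssl/x509v3.h, as named in the verifyFn comment.
use constant { GEN_DNS => 2, GEN_IPADD => 7 };

# Turn the flat (type, value, type, value, ...) list into [type, value] pairs.
sub altname_pairs {
    my @flat = @_;
    die "altnames list has an odd number of elements\n" if @flat % 2;
    my @pairs;
    while (@flat) {
        my ($type, $value) = splice(@flat, 0, 2);
        # Assumption: GEN_IPADD is packed bytes (4 = IPv4, 16 = IPv6).
        if ($type == GEN_IPADD) {
            my $len = length $value;
            $value = $len == 4  ? inet_ntop(AF_INET,  $value)
                   : $len == 16 ? inet_ntop(AF_INET6, $value)
                   :              'malformed:' . unpack('H*', $value);
        }
        push @pairs, [$type, $value];
    }
    return @pairs;
}

# Hypothetical helper: true if $host matches a dNSName entry. A wildcard is
# honoured only as the whole leftmost label and covers exactly one label.
sub host_matches_dns_altname {
    my ($host, @flat) = @_;
    $host = lc $host;
    for my $pair (altname_pairs(@flat)) {
        my ($type, $name) = @$pair;
        next unless $type == GEN_DNS;
        $name = lc $name;
        return 1 if $name eq $host;
        next unless $name =~ /\A\*\.(.+)\z/;
        my $suffix = $1;
        return 1 if $host =~ /\A[^.]+\.\Q$suffix\E\z/;
    }
    return 0;    # also the result for an empty list, as in the output above
}

# Constructed sample data, not taken from any real certificate.
my @altnames = (2, 'signin.example.com', 2, '*.shop.example.com',
                7, pack('C4', 192, 0, 2, 10), 6, 'https://example.com/');
printf "%d => %s\n", @$_ for altname_pairs(@altnames);
for my $host (qw(signin.example.com a.shop.example.com a.b.shop.example.com)) {
    printf "%-22s %s\n", $host, host_matches_dns_altname($host, @altnames) ? 'match' : 'no match';
}
```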


