Openssl编程获取X509证书的DNS

证书中的DNS指的是X509v3扩展里面的X509v3 Subject Alternative Name；

可以使用命令查看

openssl x509 -text -noout -in 1.crt

输出如下：

X509v3 extensions:    X509v3 Subject Alternative Name:         DNS: test.com

代码如下：

#include <stdio.h>#include <stdlib.h>#include <assert.h>#include <openssl/bio.h>#include <openssl/x509v3.h>int main(int argc, char **argv){    BIO *bio = NULL;    bio = BIO_new_file(argv[1], "r");    assert(bio);    X509 *x = NULL;    x = PEM_read_bio_X509(bio, NULL, NULL, NULL);    assert(x);    GENERAL_NAMES* subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);    int cnt = sk_GENERAL_NAME_num(subjectAltNames);    int i;    for (i = 0; i < cnt; i++) {        GENERAL_NAME* generalName = sk_GENERAL_NAME_value(subjectAltNames, i);        printf("%s\n", ASN1_STRING_data(GENERAL_NAME_get0_value(generalName, NULL)));    }}

gcc -lssl a.c./a.out 1.crt

DNS有可能有多个的。