X.509 certificates allow multiple names, and multiple types of names, to be specified. CA certificates often rely on X.509 distinguished names (see X.509 distinguished names) for unique identification, while end-user and server certificates rely on the 'subject alternative names'. A subject alternative name is a typed name, e.g., a DNS name or an email address, that identifies the owner of the certificate. The following functions provide access to those names.
int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, unsigned int seq, void * san, size_t * san_size, unsigned int * san_type, unsigned int * critical)
int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t type, const void * data, unsigned int data_size, unsigned int flags)
int gnutls_subject_alt_names_init (gnutls_subject_alt_names_t * sans)
int gnutls_subject_alt_names_get (gnutls_subject_alt_names_t sans, unsigned int seq, unsigned int * san_type, gnutls_datum_t * san, gnutls_datum_t * othername_oid)
int gnutls_subject_alt_names_set (gnutls_subject_alt_names_t sans, unsigned int san_type, const gnutls_datum_t * san, const char * othername_oid)
Note, however, that server certificates have often used the Common Name (CN) field of the certificate's distinguished name to hold a single DNS address. That practice is discouraged (see [RFC6125]), because only a single address can be specified and the CN field is free-form, which makes matching ambiguous.
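The matching rule behind the RFC 6125 note above, as an added C example (not GnuTLS code and not part of the manual): a host is checked against DNS-typed names only, and the CN is consulted only when the certificate carries no DNS-typed name. The enum, struct and function names are hypothetical stand-ins for the type, data and size values the functions above return, and the sample names are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins (not GnuTLS types) for one returned name. */
enum name_type { NAME_DNS, NAME_EMAIL, NAME_CN };
struct cert_name { enum name_type type; const char *data; size_t size; };

/* Constructed sample: wildcard DNS name, email name, and a differing CN. */
const struct cert_name sample[] = {
    { NAME_DNS, "*.example.com", 13 },
    { NAME_EMAIL, "admin@example.com", 17 },
    { NAME_CN, "legacy.example.net", 18 },
};
/* Compare n bytes, ignoring ASCII case. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    while (n--)
        if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++))
            return 0;
    return 1;
}
/* One name against a host; a leading "*." covers exactly one label. */
static int name_matches(const struct cert_name *n, const char *host)
{
    /* Names are data plus size, so an embedded NUL is detectable: reject it. */
    if (n->size == 0 || memchr(n->data, '\0', n->size) != NULL)
        return 0;
    if (n->size > 2 && n->data[0] == '*' && n->data[1] == '.') {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && strlen(dot) == n->size - 1 &&
               eq_nocase(dot, n->data + 1, n->size - 1);
    }
    return strlen(host) == n->size && eq_nocase(host, n->data, n->size);
}

/* The CN is consulted only when no DNS-typed name is present. */
int host_matches_cert(const struct cert_name *names, size_t count, const char *host)
{
    int have_dns = 0;
    for (size_t i = 0; i < count; i++)
        if (names[i].type == NAME_DNS) {
            have_dns = 1;
            if (name_matches(&names[i], host))
                return 1;
        }
    for (size_t i = 0; i < count; i++)
        if (!have_dns && names[i].type == NAME_CN && name_matches(&names[i], host))
            return 1;
    return 0;
}
```

In an application, gnutls_x509_crt_check_hostname performs the hostname check on a parsed certificate; the example only shows why typed names make the match unambiguous.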