Topic: Iterating over subject alt names in WOLFSSL_X509

I need to iterate over the subject alt names in a WOLFSSL_X509 object. The API has a function to do this, wolfSSL_X509_get_next_altname(), but there appears to be no way to reset the iterator formed by the altNamesNext member. It is only ever initialized in CopyDecodedToX509(). Once the list is exhausted you can't retrieve the list of names again.

This seems to be a deficiency in the public API for certificate handling. Should there not be a way to reset altNamesNext back to the start of the list?


Re: Iterating over subject alt names in WOLFSSL_X509

Hello @kevinpt,

Thanks for contacting wolfSSL Support.

Yes, I see what you mean about not being able to re-iterate the list. In fact, this is in src/ssl.c@18435:

    /* already went through them */
    if (cert->altNamesNext == NULL)
        return NULL;

So maybe a new API as you suggested, wolfSSL_X509_get_first_altname(), that will simply reset the list pointer to the head? I will review this with the team tomorrow evening.

Thanks,
Eric @ wolfSSL Support
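
Added example, not part of the thread and not wolfSSL code: a self-contained model of the one-way cursor discussed above, showing a caller-side workaround (copy the names once, then run every later check against the copy) next to a hypothetical reset. `ModelX509`, `AltName`, the `altNames` head field and all `model_*`/`snapshot_*` names are assumptions; with the real library the drain loop would call wolfSSL_X509_get_next_altname() instead.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of the cursor described in the thread; not wolfSSL's real struct. */
typedef struct AltName { const char *name; struct AltName *next; } AltName;
typedef struct {
    AltName *altNames;     /* list head (assumed field name) */
    AltName *altNamesNext; /* one-way cursor */
} ModelX509;

/* Same guard as the quoted snippet: once exhausted, always NULL. */
const char *model_get_next_altname(ModelX509 *cert)
{
    if (cert->altNamesNext == NULL) /* already went through them */
        return NULL;
    const char *ret = cert->altNamesNext->name;
    cert->altNamesNext = cert->altNamesNext->next;
    return ret;
}

/* Workaround: drain the cursor once into a caller-owned array. */
size_t snapshot_altnames(ModelX509 *cert, const char **out, size_t cap)
{
    size_t n = 0;
    for (const char *s; n < cap && (s = model_get_next_altname(cert)) != NULL; )
        out[n++] = s;
    return n;
}

/* Later checks read the snapshot. Exact match only, for illustration. */
int snapshot_contains(const char **names, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(names[i], host) == 0)
            return 1;
    return 0;
}

/* Hypothetical reset with the effect proposed in the thread. */
void model_reset_altnames(ModelX509 *cert) { cert->altNamesNext = cert->altNames; }

int main(void)
{
    AltName b = { "api.example.test", NULL }; /* constructed sample names */
    AltName a = { "www.example.test", &b };
    ModelX509 cert = { &a, &a };
    const char *buf[4];
    size_t n = snapshot_altnames(&cert, buf, 4);
    return !(n == 2 && snapshot_contains(buf, n, "api.example.test"));
}
```

The point to watch in real code is the second consumer: any routine that walks the names after an earlier pass sees an empty list, so a name check placed there would compare against nothing.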