Reputation: 975
I'm developing an iOS app that will need to read the Subject Alternative Name from a certificate (.pfx).
Security.framework doesn't have a way to get this information, so I'm using OpenSSL (openssl-1.0.1e).
To read the Subject Name I'm using X509_get_subject_name(certificate) and for the Issuer I'm using X509_get_issuer_name(certificate), and it is working.
The problem is the Subject Alternative Name. I can't find any function to return this information.
Is it possible using OpenSSL to get the Subject Alternative Name? How?
Edit:
I imported the certificate into the Mac keychain. Under Subject Alternative Name I see NT Principal Name and RFC 822 Name.
I tried this but it is returning NULL:
GENERAL_NAME *name = (GENERAL_NAME*)X509_get_ext_d2i(cert,NID_subject_alt_name, NULL, NULL)
I'm reading certificate with this:
X509 *cert;
CFDataRef der = SecCertificateCopyData(certificate);
const unsigned char * ptr = CFDataGetBytePtr(der);
int len = CFDataGetLength(der);
d2i_X509(&cert,&ptr,len);
Upvotes: 8
Views: 4458
Reputation: 4853
You can get the X509 subject alternative name by using X509_get_ext_by_NID() and then X509_get_ext():
int loc = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); /* cert is your X509 * */
if (loc >= 0) {
    X509_EXTENSION *ext = X509_get_ext(cert, loc);
}
Then you have to parse the extension using sk_GENERAL_NAME_num() and sk_GENERAL_NAME_value(), or X509_get_ext_d2i().
Upvotes: 4