path: root/manual/html_node/X_002e509-certificate-names.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- This manual is last updated 4 March 2015 for version
3.4.8 of GnuTLS.

Copyright (C) 2001-2015 Free Software Foundation, Inc.\\
Copyright (C) 2001-2015 Nikos Mavrogiannopoulos

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.  A
copy of the license is included in the section entitled "GNU Free
Documentation License". -->
<!-- Created by GNU Texinfo 6.0, http://www.gnu.org/software/texinfo/ -->
<head>
<title>GnuTLS 3.4.8: X.509 certificate names</title>

<meta name="description" content="GnuTLS 3.4.8: X.509 certificate names">
<meta name="keywords" content="GnuTLS 3.4.8: X.509 certificate names">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="X_002e509-certificates.html#X_002e509-certificates" rel="up" title="X.509 certificates">
<link href="X_002e509-distinguished-names.html#X_002e509-distinguished-names" rel="next" title="X.509 distinguished names">
<link href="Importing-an-X_002e509-certificate.html#Importing-an-X_002e509-certificate" rel="prev" title="Importing an X.509 certificate">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nocodebreak {white-space: nowrap}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: serif; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
body { 
	margin: 2%;
	padding: 0 5%;
	background: #ffffff;
}
h1,h2,h3,h4,h5 {
    font-weight: bold;
    padding: 5px 5px 5px 5px;
    background-color: #c2e0ff;
    color: #336699;
}
h1 {
    padding: 2em 2em 2em 5%;
    color: white;
    background: #336699;
    text-align: center;
    letter-spacing: 3px;
}
h2 { text-decoration: underline; }
pre {
  margin: 0 5%;
  padding: 0.5em;
}
pre.example,pre.verbatim {
  padding-bottom: 1em;

  border: solid #c2e0ff;
  background: #f0faff;
  border-width: 1px 1px 1px 5px;
  margin: 1em auto;
  width: 90%;
}

div.node {
  margin: 0 -5% 0 -2%;
  padding: 0.5em 0.5em;
  margin-top: 0.5em;
  margin-bottom: 0.5em;
  font-weight: bold;
}
dd, li {
  padding-top: 0.1em;
  padding-bottom: 0.1em;
}
div.float {

  margin-bottom: 0.5em;
  text-align: center;
}

table {
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  border-spacing: 7px;
  width: 50%;
}

th {
  padding: 0;
  color: #336699;
  background-color: #c2e0ff;
  border: solid #000000;
  border-width: 0px;
  margin: 1em auto;
  text-align: center;
  margin-left:auto;
  margin-right:auto;
}

td {
  padding: 0;
  border: solid #000000;
  background-color: #f0faff;
  border-width: 0px;
  margin: 1em auto;
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  padding-left: 1em;
}

dl {
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  width: 50%;

  padding-left: 1em;
  border: solid #c2e0ff;
  background: #f0faff;
  border-width: 5px 1px 1px 1px;
  margin: 1em auto;
}

-->
</style>


</head>

<body lang="en">
<a name="X_002e509-certificate-names"></a>
<div class="header">
<p>
Next: <a href="X_002e509-distinguished-names.html#X_002e509-distinguished-names" accesskey="n" rel="next">X.509 distinguished names</a>, Previous: <a href="Importing-an-X_002e509-certificate.html#Importing-an-X_002e509-certificate" accesskey="p" rel="prev">Importing an X.509 certificate</a>, Up: <a href="X_002e509-certificates.html#X_002e509-certificates" accesskey="u" rel="up">X.509 certificates</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="X_002e509-certificate-names-1"></a>
<h4 class="subsubsection">4.1.1.3 X.509 certificate names</h4>
<a name="index-X_002e509-certificate-name"></a>

<p>X.509 certificates allow for multiple names and types of names to be specified.
CA certificates often rely on X.509 distinguished names (see <a href="X_002e509-distinguished-names.html#X_002e509-distinguished-names">X.509 distinguished names</a>)
for unique identification, while end-user and server certificates rely on the
&rsquo;subject alternative names&rsquo;. The subject alternative names provide a typed name, e.g.,
a DNS name, or an email address, which identifies the owner of the certificate.
The following functions provide access to that names.
</p>
<dl compact="compact">
<dt><code><var>int</var> <a href="X509-certificate-API.html#gnutls_005fx509_005fcrt_005fget_005fsubject_005falt_005fname2">gnutls_x509_crt_get_subject_alt_name2</a> (gnutls_x509_crt_t <var>cert</var>, unsigned int <var>seq</var>, void * <var>san</var>, size_t * <var>san_size</var>, unsigned int * <var>san_type</var>, unsigned int * <var>critical</var>)</code></dt>
<dt><code><var>int</var> <a href="X509-certificate-API.html#gnutls_005fx509_005fcrt_005fset_005fsubject_005falt_005fname">gnutls_x509_crt_set_subject_alt_name</a> (gnutls_x509_crt_t <var>crt</var>, gnutls_x509_subject_alt_name_t <var>type</var>, const void * <var>data</var>, unsigned int <var>data_size</var>, unsigned int <var>flags</var>)</code></dt>
</dl>
<dl compact="compact">
<dt><code><var>int</var> <a href="X509-certificate-API.html#gnutls_005fsubject_005falt_005fnames_005finit">gnutls_subject_alt_names_init</a> (gnutls_subject_alt_names_t * <var>sans</var>)</code></dt>
<dt><code><var>int</var> <a href="X509-certificate-API.html#gnutls_005fsubject_005falt_005fnames_005fget">gnutls_subject_alt_names_get</a> (gnutls_subject_alt_names_t <var>sans</var>, unsigned int <var>seq</var>, unsigned int * <var>san_type</var>, gnutls_datum_t * <var>san</var>, gnutls_datum_t * <var>othername_oid</var>)</code></dt>
<dt><code><var>int</var> <a href="X509-certificate-API.html#gnutls_005fsubject_005falt_005fnames_005fset">gnutls_subject_alt_names_set</a> (gnutls_subject_alt_names_t <var>sans</var>, unsigned int <var>san_type</var>, const gnutls_datum_t * <var>san</var>, const char * <var>othername_oid</var>)</code></dt>
</dl>

<p>Note however, that server certificates often used the Common Name (CN), part of the
certificate DistinguishedName to place a single DNS address. That practice is discouraged
(see [<em>RFC6125</em>]), because only a single address can be specified, and the CN field is
free-form making matching ambiguous.
</p>



</body>
</html>