int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, unsigned int seq, void * ret, size_t * ret_size, unsigned int * critical);
should contain a gnutls_x509_crt_t structure
unsigned int seq
specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
void * ret
is the place where the alternative name will be copied to
size_t * ret_size
holds the size of ret.
unsigned int * critical
will be non zero if the extension is marked as critical (may be null)
This function will return the alternative names, contained in the
This is specified in X509v3 Certificate Extensions. GNUTLS will
return the Alternative name (22.214.171.124), or a negative error code.
When the SAN type is otherName, it will extract the data in the
otherName's value field, and GNUTLS_SAN_OTHERNAME is returned.
You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get
the corresponding OID and the "virtual" SAN types (e.g.,
If an otherName OID is known, the data will be decoded. Otherwise
the returned data will be DER encoded, and you will have to decode
it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is
the alternative subject name type on success, one of the
enumerated gnutls_x509_subject_alt_name_t. It will return
GNUTLS_E_SHORT_MEMORY_BUFFER if ret_size is not large enough
to hold the value. In that case ret_size will be updated with
the required size. If the certificate does not have an
Alternative name with the specified sequence number then
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.