gnutls_x509_crt_get_issuer_alt_name — API function


#include <gnutls/x509.h>

int gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert, unsigned int seq, void * ian, size_t * ian_size, unsigned int * critical);


gnutls_x509_crt_t cert

should contain a gnutls_x509_crt_t type

unsigned int seq

specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)

void * ian

is the place where the alternative name will be copied to

size_t * ian_size

holds the size of ian.

unsigned int * critical

will be non-zero if the extension is marked as critical (may be null)


This function retrieves the Issuer Alternative Name (, contained in the given certificate in the X509v3 Certificate Extensions.

When the SAN type is otherName, it will extract the data in the otherName's value field, and GNUTLS_SAN_OTHERNAME is returned. You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get the corresponding OID and the "virtual" SAN types (e.g., GNUTLS_SAN_OTHERNAME_XMPP).

If an otherName OID is known, the data will be decoded.  Otherwise the returned data will be DER encoded, and you will have to decode it yourself.  Currently, only the RFC 3920 id-on-xmppAddr Issuer AltName is recognized.


the alternative issuer name type on success, one of the enumerated gnutls_x509_subject_alt_name_t.  It will return GNUTLS_E_SHORT_MEMORY_BUFFER if  ian_size is not large enough to hold the value.  In that case  ian_size will be updated with the required size.  If the certificate does not have an Alternative name with the specified sequence number then GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.



Reporting Bugs

Report bugs to <>.
Home page:

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit


3.6.9 gnutls