From 1d0c8cb3f8fdb38e3b62a949496907b058455ed9 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Mon, 13 Jun 2016 12:52:19 -0400 Subject: [PATCH] Printing of subjectAltName extension Modify the extraction of the subjectAltName extension from certificates in order to address SANs with name forms other than DNS and otherName. --- testssl.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/testssl.sh b/testssl.sh index 8fc1ccb..1a6c408 100755 --- a/testssl.sh +++ b/testssl.sh @@ -3442,15 +3442,18 @@ certificate_info() { fi fileout "${json_prefix}cn" "$cnok" "$cnfinding" - sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | grep "DNS:" | \ - sed -e 's/DNS://g' -e 's/ //g' -e 's/,/ /g' -e 's/othername://g') -# ^^^ CACert + sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | \ + egrep "DNS:|IP Address:|email:|URI:|DirName:|Registered ID:" | \ + sed -e 's/ *DNS://g' -e 's/ *IP Address://g' -e 's/ *email://g' -e 's/ *URI://g' -e 's/ *DirName://g' \ + -e 's/ *Registered ID://g' -e 's/,/\n/g' \ + -e 's/ *othername://g' -e 's/ *X400Name://g' -e 's/ *EdiPartyName://g') +# ^^^ CACert out "$indent"; pr_bold " subjectAltName (SAN) " if [[ -n "$sans" ]]; then - for san in $sans; do - pr_dquoted "$san" + while read san; do + [[ -n "$san" ]] && pr_dquoted "$san" out " " - done + done <<< "$sans" fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $sans" else out "-- "
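Review bot: The unchanged `fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $sans"` call near the end of this hunk now receives a multi-line string, because the new `-e 's/,/\n/g'` makes `$sans` newline-separated where the old pipeline produced a space-separated list. Whether `fileout` escapes newlines is not visible here, so I would flatten the value at the call: `fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : ${sans//$'\n'/ }"`. The SAN text comes from the certificate presented by the host under test, so the loop should also be `while read -r san; do`; without `-r`, `read` consumes backslashes in a URI or DirName value. Splitting on every comma will also break up a single DirName or URI value that itself contains a comma, and `\n` in a sed replacement is a GNU extension that other sed implementations may not honour, so both deserve a comment beside the sed call. The body of certificate_info begins and ends outside the hunk.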