I don't know where we can check in experimental code so I have a demonstration of how to extract CNs subjAltNames or what ever we want from x509 certificates. Later on I plan to use the OpenSSL libraries to verify certs coming from barbican are valid and actually do sign the private_key it is associated with. https://github.com/crc32a/ssl_exp.git