[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#35787: 26.2; gnutls: accessing raw server certificate data
From: |
Lars Ingebrigtsen |
Subject: |
bug#35787: 26.2; gnutls: accessing raw server certificate data |
Date: |
Tue, 09 Jul 2019 15:44:42 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) |
Julian Scheid <julians37@gmail.com> writes:
> So, to make this work it looks like I'd need either
>
> 1) the fingerprint, but using the hash function as required by the RFC, or
> 2) the certificate as a binary blob.
I think putting the signature itself in the process object (in addition
to all the details) makes some sense, but perhaps it's wastes
unnecessary memory...
There's gnutls-peer-status, and that could also be amended to return the
full certificate. But, again, that's also called for virtually any TLS
connection.
Perhaps a new function to return the actual certificate? And perhaps it
should just return the entire certificate chain?
Anybody got an opinion here?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no