Re: [Help-gnutls] Checking hostname against certificate
From: Nikos Mavroyanopoulos
Subject: Re: [Help-gnutls] Checking hostname against certificate
Date: Wed, 6 Feb 2002 16:07:48 +0200

On Mon, 28 Jan 2002 19:29:36 +0000 Andrew McDonald <address@hidden> wrote:
> > This function was never tested.. Please, send me the certificate that
> > contains the dnsname, email extensions, so I can give it a test (and a fix).
> > > 2.5.29.17 is the OID for an AltName extension. How does
> > > _gnutls_get_extension know you want the dNSName?
> > it does not :)
> Ah. Good. I was a bit worried that I couldn't see how it could possibly
> do what it was supposed to. :-)
I've just committed a corrected function. The prototype is now:

typedef enum GNUTLS_X509_SUBJECT_ALT_NAME {
    GNUTLS_SAN_DNSNAME=1, GNUTLS_SAN_RFC822NAME,
    GNUTLS_SAN_URI, GNUTLS_SAN_IPADDRESS
} GNUTLS_X509_SUBJECT_ALT_NAME;

/**
  * gnutls_x509_extract_subject_alt_name - This function returns the peer's alt name, if any
  * @cert: should contain an X.509 DER encoded certificate
  * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
  * @type: Holds the alternative's name type
  * @ret: is the place where dns name will be copied to
  * @ret_size: holds the size of ret.
  *
  * This function will return the alternative name (the dns part of it), contained in the
  * given certificate.
  *
  * This is specified in X509v3 Certificate Extensions.
  * GNUTLS will return the Alternative name, or a negative
  * error code.
  * Returns GNUTLS_E_MEMORY_ERROR if ret_size is not enough to hold the alternative name,
  * or the size of alternative name if everything was ok.
  *
  * If the certificate does not have an Alternative name then returns GNUTLS_E_DATA_NOT_AVAILABLE;
  *
  **/
int gnutls_x509_extract_subject_alt_name(const gnutls_datum * cert, int seq,
        GNUTLS_X509_SUBJECT_ALT_NAME* type,
        char *ret, int *ret_size);

I know this is more complex... but subjectAltName extension is also a complex
one :)
> Regards,
>
>
> Andrew
> --
> Andrew McDonald
> E-mail: address@hidden
> http://www.mcdonald.org.uk/andrew/
>
--
Nikos Mavroyanopoulos
mailto:address@hidden
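
Added example, not code from this message or from GnuTLS: a self-contained sketch of why the OID 2.5.29.17 alone cannot select the dNSName, and why the prototype above needs both a sequence number and a type. The extension value is a SEQUENCE OF GeneralName, and each entry's context tag says which kind of name it is. The names san_extract, der_header, the SAN_* constants and the sample bytes are assumptions made up for this example, and the input is the already-extracted extension value rather than a whole certificate.

```c
#include <string.h>

/* Hypothetical names for this example; type values follow the enum in the message. */
enum { SAN_DNSNAME = 1, SAN_RFC822NAME, SAN_URI, SAN_IPADDRESS, SAN_OTHER };
enum { SAN_E_PARSE = -1, SAN_E_SHORT_BUFFER = -2, SAN_E_NOT_AVAILABLE = -3 };

/* Constructed sample value: rfc822Name, dNSName, iPAddress 192.0.2.1 (plus a trailing NUL). */
static const unsigned char SAMPLE_SAN[] =
    "\x30\x28" "\x81\x0e" "a@example.test" "\x82\x10" "www.example.test"
    "\x87\x04\xc0\x00\x02\x01";

/* Read one DER tag and length at *p; return the tag (or -1) and leave *p at the content. */
static int der_header(const unsigned char **p, const unsigned char *end, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                     /* long form; this sketch accepts up to 2 length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 2 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt > 0; cnt--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;   /* content must fit inside the buffer */
    *p = q; *len = n;
    return tag;
}

/* der/der_len: the value of extension 2.5.29.17. Returns the name's size or a negative code. */
int san_extract(const unsigned char *der, size_t der_len, int seq,
                int *type, char *ret, int *ret_size)
{
    const unsigned char *p = der, *end = der + der_len;
    size_t len;
    if (der_header(&p, end, &len) != 0x30) return SAN_E_PARSE;
    end = p + len;
    for (int i = 0; p < end; i++, p += len) {
        int tag = der_header(&p, end, &len);
        if (tag < 0) return SAN_E_PARSE;
        if (i != seq) continue;         /* skip entries before the requested one */
        *type = tag == 0x82 ? SAN_DNSNAME : tag == 0x81 ? SAN_RFC822NAME :  /* CHOICE arm */
                tag == 0x86 ? SAN_URI : tag == 0x87 ? SAN_IPADDRESS : SAN_OTHER;
        if (*ret_size <= 0 || len >= (size_t)*ret_size) { *ret_size = (int)len + 1; return SAN_E_SHORT_BUFFER; }
        memcpy(ret, p, len);
        ret[len] = '\0';
        return (int)len;
    }
    return SAN_E_NOT_AVAILABLE;
}
```

A caller checking a hostname would loop over seq from 0 until SAN_E_NOT_AVAILABLE and compare only entries whose type is SAN_DNSNAME. It should also reject a dNSName whose returned size differs from strlen(ret), since an embedded NUL would otherwise truncate the comparison.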