[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Parsing certificate extensions and issuer alt names
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: [Help-gnutls] Parsing certificate extensions and issuer alt names |
|
Date: |
Wed, 15 Jul 2009 00:18:19 +0300 |
|
User-agent: |
Thunderbird 2.0.0.22 (X11/20090608) |
Brad Hards wrote:
> On Monday 13 July 2009 16:33:48 Nikos Mavrogiannopoulos wrote:
>> Actually I think it might be much easier to do that inside gnutls by
>> extending get_subject_alt_name() to be able to accept the OID as
>> parameter to parse the 2.5.29.18 extension as well. Then would be easy
>> to submit a gnutls_x509_crt_get_issuer_alt_name that can be added to
>> gnutls.
> I had a first cut at this. See attached patch.
>
> Thoughts / comments?
Looks ok to me. Only some comment:
+ if (strncmp("2.5.29.18", extension_id, 9) == 0)
+ {
+ result = asn1_create_element(_gnutls_get_pkix (),
"PKIX1.IssuerAltName", &c2);
+ }
+ else if (strncmp("2.5.29.17", extension_id, 9) == 0)
Here it should have been strcmp instead of strncmp to avoid having false
positives (such as 2.5.29.17 == 2.5.29.17.24) in some future extension.
If you could send me an updated version I'll commit it.
best regards,
Nikos