Re: [PATCH] cleanup _asn1_copy_structure3
From: Simon Josefsson
Subject: Re: [PATCH] cleanup _asn1_copy_structure3
Date: Wed, 05 Sep 2012 09:15:05 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)
Tim Ruehsen <address@hidden> writes:
> On Tuesday 04 September 2012, Nikos Mavrogiannopoulos wrote:
>> On Tue, Sep 4, 2012 at 3:48 PM, Tim Ruehsen <address@hidden> wrote:
>> > Right now, after having taken a deeper look into the sources, I
>> > personally dislike the source code.
>>
>> You're not alone. Unfortunately it is the easiest to use ASN.1 parser.
>>
>> > It is unnecessarily complex, I would say hard to
>> > maintain. I really can't find any of the stated "high quality" code.
>>
>> Who states that?
>
> see http://www.gnu.org/software/libtasn1
> The part I am referring to is titled "High Quality".
To be fair, it says "the goal is to provide a library of high quality"
not necessarily that the current code is of high quality. I agree there
is plenty of room for improvement... we won't get there without a goal
of getting there though. Maybe the text could be reworded a bit...
> Well the clang analyser is mentioned... since the last check, some time may
> have passed ... using it, you will at least find one serious memory
> error.
If you could explain more, that would help.
> Hey Nikos.
> This mentioned tool could use libtasn1. Impact doesn't matter since the
> certificates seldom change.
> The X509 certificate format is well defined in RFC 5280 and it should be easy
> to output these values into a text format like:
> --------
> tbsCertificate.version 2
> tbsCertificate.serialNumber 85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
> tbsCertificate.signature sha1WithRSAEncryption
> tbsCertificate.issuer C=US, O=America Online Inc., CN=America Online Root
> Certification Authority 1
> ...
> signatureAlgorithm sha1WithRSAEncryption
> signatureValue 7c:8a:d1:1f:18:37:82:e0:b8:b0:a3:ed:56:95:c8:62:61:9c: ...
> --------
>
> OpenSSL already has a tool to convert .PEM into a (human readable) text:
> openssl x509 -text -noout -in <filename>
>
> Maybe there already is a similar GnuTLS tool which we can extend a bit to
> produce machine readable text.
The risk is that some information is lost when doing this conversion.
If you want to work on it, you could add a new
gnutls_certificate_print_formats_t symbol that would make
gnutls_x509_crt_print print new certificate in a machine readable
format. I think that would be quite useful, and not too difficult to
do. Just make sure you output opaque blobs for things that haven't yet
been given a machine readable format -- I'm thinking primarily
extensions.
/Simon
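
The following sketch is an added example, not part of the message above and not GnuTLS or libtasn1 code. It illustrates the suggestion of printing decoded values where a text form exists and an opaque blob otherwise: a bounds-checked DER walker that prints small non-negative INTEGERs as decimal and every other primitive element as the hex of its complete TLV. The names `der_header`, `der_dump`, `sample_der` and the line format are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Parse one DER header. Returns its size, or 0 if the input is truncated, uses
 * a multi-byte tag or indefinite length, or the length overruns the n bytes. */
static size_t der_header(const unsigned char *p, size_t n, size_t *len) {
    size_t h = 2, l, k;
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;
    l = p[1];
    if (l & 0x80) {                              /* long form: k length bytes */
        if ((k = l & 0x7f) == 0 || k > sizeof l || n - 2 < k) return 0;
        for (l = 0; k--; h++) l = (l << 8) | p[h];
    }
    if (l > n - h) return 0;
    *len = l;
    return h;
}

/* Append one "path kind value" line per primitive element to the string in out.
 * Returns the line count, or -1 on malformed input or lack of space.
 * The fixed-size path buffer also bounds the recursion depth. */
int der_dump(const unsigned char *p, size_t n, const char *path, char *out, size_t cap) {
    int lines = 0, idx = 0;
    while (n > 0) {
        char sub[64];
        int r = 1;                               /* lines produced by this element */
        unsigned long v = 0;
        size_t len, i, used = strlen(out), h = der_header(p, n, &len);
        if (h == 0 || snprintf(sub, sizeof sub, "%s.%d", path, idx++) >= (int)sizeof sub) return -1;
        if (p[0] & 0x20) {                       /* constructed: descend into the content */
            if ((r = der_dump(p + h, len, sub, out, cap)) < 0) return -1;
        } else if (p[0] == 0x02 && len >= 1 && len <= 4 && !(p[h] & 0x80)) {
            for (i = 0; i < len; i++) v = (v << 8) | p[h + i];
            if (snprintf(out + used, cap - used, "%s int %lu\n", sub, v) >= (int)(cap - used)) return -1;
        } else {                                 /* no decoder yet: keep the whole TLV as hex */
            if (cap - used < strlen(sub) + 2 * (h + len) + 10) return -1;
            used += sprintf(out + used, "%s opaque ", sub);
            for (i = 0; i < h + len; i++) used += sprintf(out + used, "%02x", p[i]);
            strcpy(out + used, "\n");
        }
        lines += r; p += h + len; n -= h + len;
    }
    return lines;
}

/* Constructed sample, not a real certificate: SEQUENCE { [0] { INTEGER 2 }, INTEGER 133, OCTET STRING de ad } */
static const unsigned char sample_der[] = {
    0x30, 0x0d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x00, 0x85, 0x04, 0x02, 0xde, 0xad };
static char out_buf[256];
int main(void) {
    return der_dump(sample_der, sizeof sample_der, "cert", out_buf, sizeof out_buf) < 0 || fputs(out_buf, stdout) < 0;
}
```

Because the opaque form carries the tag and length bytes along with the content, a consumer can re-parse it once a proper text representation for that element exists.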