[gnutls-dev] non-ASCII ASN.1 string types

Joe Orton joe at manyfish.co.uk
Sun Oct 17 13:55:06 CEST 2004


On Sun, Oct 17, 2004 at 12:46:30PM +0200, Nikos Mavrogiannopoulos wrote:
> On Sunday 17 October 2004 12:08, Joe Orton wrote:
> 
> > > Ok. The newest patch will print something like:
> > > Subject: C=GB,ST=Cambridgeshire,L=Cambridge,O=Neon Hackers
> > > Ltd,OU=#48e86c6c6f20576f726c64,CN=localhost,EMAIL=neon at webdav.org
> > I dunno, I'd rather the functions fail if the RDN can't be
> > auto-converted into UTF-8 per the docs
> I don't like this behaviour. And according to my interpretation of RFC 2253, 
> this is the proper thing to do when an unsupported character set is found in 
> the ASN.1 encoding.

Well I guess the interface is simply not flexible enough for this to be
decided by the app, where ultimately it should be.  I have no need for
2253-style formatting in neon, I'd prefer to be able to skip RDNs which
I can't produce human-readable strings from rather than show random hex
strings to the user.
 
> > On this subject: is there a way to iterate over all the RDNs in the
> > subject or issuer DN using GNU TLS?  neon needs to produce
> > human-readable DNs - this is easy using OpenSSL's X509_NAME interface,
> > but I can't find a way of doing it in GNU TLS.  Can anyone help?
> Yes. You can use:
> gnutls_x509_crt_get_dn_by_oid()
> after calling gnutls_x509_crt_get_dn_oid() to get all OIDs in the DN.

Ah, yes, I couldn't work out at all what _get_dn_oid was putting in the
passed-in buffer.  Can you explain how the OIDs are formatted in the
buffer, or give an example of how I'd do this?

Thanks for your responses!

Regards,

joe
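
An added example, not part of the original message and not GnuTLS or neon code: one way an application could apply the "skip what can't be shown" policy to the RFC 2253 style string itself, dropping any RDN whose value is in "#hex" form. The names rdn_len and dn_readable are hypothetical, and the code assumes RDNs are separated by unescaped commas (a multi-valued RDN joined with '+' is treated as one unit).

```c
#include <stdio.h>
#include <string.h>

/* Length of the RDN at s: up to the next unescaped ',' or end of string. */
static size_t rdn_len(const char *s)
{
    size_t i = 0;
    while (s[i] != '\0' && s[i] != ',') {
        if (s[i] == '\\' && s[i + 1] != '\0')
            i++;                      /* step over the escaped character */
        i++;
    }
    return i;
}

/* Copy the RDNs of dn into out, joined by ", ", leaving out any whose value
 * is in "#hex" form. Returns the number skipped, or -1 if out is too small. */
int dn_readable(const char *dn, char *out, size_t outsz)
{
    int skipped = 0;
    size_t used = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    while (*dn != '\0') {
        size_t len = rdn_len(dn), sep = used ? 2 : 0;
        const char *eq = memchr(dn, '=', len);
        if (eq != NULL && eq + 1 < dn + len && eq[1] == '#') {
            skipped++;                /* hex-encoded value: not displayable */
        } else if (len > 0) {
            if (used + sep + len + 1 > outsz)
                return -1;
            memcpy(out + used, ", ", sep);
            memcpy(out + used + sep, dn, len);
            used += sep + len;
            out[used] = '\0';
        }
        dn += len + (dn[len] == ',');  /* move past the RDN and its comma */
    }
    return skipped;
}

int main(void)
{
    /* Subject line quoted in the message above, unwrapped, up to the CN. */
    char buf[256];
    int n = dn_readable("C=GB,ST=Cambridgeshire,L=Cambridge,O=Neon Hackers Ltd,"
                        "OU=#48e86c6c6f20576f726c64,CN=localhost", buf, sizeof buf);
    printf("%s (skipped %d)\n", buf, n);
}
```

The return value lets the caller tell the user that part of the name was left out, so a shortened DN is not mistaken for the full one.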



