[gnutls-dev] non-ASCII ASN.1 string types

Joe Orton joe at manyfish.co.uk
Sun Oct 17 13:55:06 CEST 2004

On Sun, Oct 17, 2004 at 12:46:30PM +0200, Nikos Mavrogiannopoulos wrote:
> On Sunday 17 October 2004 12:08, Joe Orton wrote:
> > > Ok. The newest patch will print something like:
> > > Subject: C=GB,ST=Cambridgeshire,L=Cambridge,O=Neon Hackers
> > > Ltd,OU=#48e86c6c6f20576f726c64,CN=localhost,EMAIL=neon at webdav.org
> > I dunno, I'd rather the functions fail if the RDN can't be
> > auto-converted into UTF-8 per the docs
> I don't like this behaviour. And according to my interpretation of rfc2253,
> this is the proper thing to do when an unsupported character set is found in 
> the asn.1 encoding.

Well I guess the interface is simply not flexible enough for this to be
decided by the app, where ultimately it should be.  I have no need for
2253-style formatting in neon, I'd prefer to be able to skip RDNs which
I can't produce human-readable strings from than show random hex strings
to the user.

> > On this subject: is there a way to iterate over all the RDNs in the
> > subject or issuer DN using GNU TLS?  neon needs to produce
> > human-readable DNs - this is easy using OpenSSL's X509_NAME interface,
> > but I can't find a way of doing it in GNU TLS.  Can anyone help?
> Yes. You can use:
> gnutls_x509_crt_get_dn_by_oid()
> after calling gnutls_x509_crt_get_dn_oid() to get all OIDs in the DN.

Ah, yes, I couldn't work out at all what _get_dn_oid was putting in the
passed-in buffer.  Can you explain how the OIDs are formatted in the
buffer, or give an example of how I'd do this?

Thanks for your responses!
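
An added example, not part of the original message and not GnuTLS or neon code: the two behaviours debated in this thread (print a non-convertible value as `#hex`, or skip that RDN) made a caller-selected policy. The `struct ava` type, `format_dn()` and the policy names are hypothetical, the sample values are constructed from the output quoted above, and treating only printable ASCII as convertible is a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>
enum { TAG_UTF8 = 12, TAG_PRINTABLE = 19, TAG_T61 = 20, TAG_IA5 = 22 }; /* ASN.1 tags */
enum policy { UNREADABLE_AS_HEX, UNREADABLE_SKIP };
struct ava { const char *label; int tag; const unsigned char *val; size_t len; };

/* Simplified rule (assumption): only printable ASCII in an ASCII-compatible
 * string type is shown as text, so control bytes never reach the user. */
static int readable(const struct ava *a)
{
    if (a->tag != TAG_UTF8 && a->tag != TAG_PRINTABLE && a->tag != TAG_IA5)
        return 0;
    for (size_t i = 0; i < a->len; i++)
        if (a->val[i] < 0x20 || a->val[i] > 0x7e) return 0;
    return 1;
}

/* Writes "L=v,L=v" into out; returns 0, or -1 if out is too small (checked per
 * pair for the worst case). Escaping of ',' '+' etc. is omitted for brevity. */
int format_dn(const struct ava *v, size_t n, enum policy p, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int ok = readable(&v[i]);
        if (!ok && p == UNREADABLE_SKIP) continue;   /* app chose to hide it */
        if (strlen(v[i].label) + 2 * v[i].len + 4 > outsz - used) return -1;
        used += sprintf(out + used, "%s%s=%s", used ? "," : "", v[i].label, ok ? "" : "#");
        for (size_t j = 0; j < v[i].len; j++)
            used += sprintf(out + used, ok ? "%c" : "%02x", (unsigned)v[i].val[j]);
    }
    return 0;
}

/* Constructed sample: O, OU and CN values from the output quoted above;
 * tagging the OU value as T61String is an assumption. */
static const unsigned char ou[] = {0x48,0xe8,0x6c,0x6c,0x6f,0x20,0x57,0x6f,0x72,0x6c,0x64};
static const struct ava sample[] = {
    { "O",  TAG_PRINTABLE, (const unsigned char *)"Neon Hackers Ltd", 16 },
    { "OU", TAG_T61,       ou, sizeof ou },
    { "CN", TAG_PRINTABLE, (const unsigned char *)"localhost", 9 },
};
int main(void)
{
    char buf[128];
    for (int p = UNREADABLE_AS_HEX; p <= UNREADABLE_SKIP; p++)
        if (format_dn(sample, 3, (enum policy)p, buf, sizeof buf) == 0) puts(buf);
}
```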


