RFC - support for subjectUniqueID and issuerUniqueID
Simon Josefsson
simon at josefsson.org
Wed Aug 11 13:31:58 CEST 2010
Brad Hards <bradh at frogmouth.net> writes:
> Hi,
>
> During investigation into some windows protocols, we've found that windows
> servers create certificates that make use of the subjectUniqueID and
> issuerUniqueID fields. They seem to contain GUID values.
>
> The attached patch (which I'm looking for feedback on, not to be applied at
> this stage) allows fetching / display of those fields. I have a second patch
> for setting / writing those fields, but I haven't tested it yet. A sample
> certificate is also attached.
>
> I recognise that they aren't normally used (and are deprecated), but for
> interop purposes, I'd like to be able to access them if necessary.
>
> Thoughts and comments?
Generally, I think we should have an API to extract arbitrary extensions
instead of adding new APIs for each and every strange extension. I
think we already have these APIs though?
I don't see any extensions in your certificate though? So I'm not sure
exactly what fields you are talking about.
/Simon
jas@mocca:~$ dumpasn1 cert
0 768: SEQUENCE {
4 492: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 16: INTEGER BD 76 DF 42 47 0A 00 8D 47 3E 74 3F A1 DC 8B BD
: Error: Integer has a negative value.
31 9: SEQUENCE {
33 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29)
40 0: NULL
: }
42 45: SEQUENCE {
44 43: SET {
46 41: SEQUENCE {
48 3: OBJECT IDENTIFIER commonName (2 5 4 3)
53 34: PrintableString 'w.2.k.8.r.2...m.a.t.w.s...n.e.t...'
: Error: PrintableString contains illegal character(s).
: }
: }
: }
89 30: SEQUENCE {
91 13: UTCTime 28/04/2010 11:41:54 GMT
106 13: UTCTime 28/04/2011 11:41:54 GMT
: }
121 45: SEQUENCE {
123 43: SET {
125 41: SEQUENCE {
127 3: OBJECT IDENTIFIER commonName (2 5 4 3)
132 34: PrintableString 'w.2.k.8.r.2...m.a.t.w.s...n.e.t...'
: Error: PrintableString contains illegal character(s).
: }
: }
: }
168 290: SEQUENCE {
172 13: SEQUENCE {
174 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
185 0: NULL
: }
187 271: BIT STRING, encapsulates {
192 266: SEQUENCE {
196 257: INTEGER
: 00 AA D7 32 26 D7 FC 69 57 4A 55 08 2B 97 C1 5B
: 90 FD E8 F5 F7 9E 7D 34 CE E9 BB 38 A0 9F EC 84
: 86 3E 47 2E 71 D7 C3 BF 89 F3 80 B5 77 80 D3 B0
: 56 6B 9C F4 D3 42 2B 26 01 5C 42 EF F6 51 5A AA
: 55 6B 30 D3 2C DC DE 36 4D DD F3 5F 59 BA 57 D8
: 39 0F 5B D3 E1 34 39 22 AA 71 10 59 7A EC 9F 1A
: F5 A9 40 D6 7B 32 5F 19 85 C0 FD A6 6C 32 58 DC
: 7C 07 42 36 D0 57 78 63 60 92 1D 1F 9D BD CC D7
: [ Another 129 bytes skipped ]
457 3: INTEGER 65537
: }
: }
: }
462 17: [1] 00 BD 8B DC A1 3F 74 3E 47 8D 00 0A 47 42 DF 76 BD
481 17: [2] 00 BD 8B DC A1 3F 74 3E 47 8D 00 0A 47 42 DF 76 BD
: }
500 9: SEQUENCE {
502 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29)
509 0: NULL
: }
511 257: BIT STRING
: A7 B0 66 75 14 7E 7D B5 31 EC B2 EB 90 80 95 25
: 59 0F E4 15 86 2D 9D D7 35 E9 22 74 E7 85 36 19
: 4F 27 5C 17 63 7B 2A FE 59 E9 76 77 D0 C9 40 78
: 7C 31 62 1E 87 1B C1 19 EF 6F 15 E6 CE 74 84 6D
: D6 3B 57 D9 A9 13 F6 7D 84 E7 8F C6 01 5F CF C4
: 95 C9 DE 97 17 43 12 70 27 F9 C4 D7 E1 05 BB 63
: 87 5F DC 20 BD D1 DE D6 2D 9F 3F 5D 0A 27 40 11
: 5F 5D 54 A7 28 F9 03 2E 84 8D 48 60 A1 71 A3 46
: [ Another 128 bytes skipped ]
: }
0 warnings, 3 errors.
jas@mocca:~$
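The two fields Brad is referring to are visible in the dump above at offsets 462 and 481: the `[1]` and `[2]` elements that follow subjectPublicKeyInfo inside the tbsCertificate SEQUENCE. In RFC 5280 those are issuerUniqueID and subjectUniqueID, IMPLICIT BIT STRINGs (hence the leading `00` unused-bits byte before the 16 data bytes), and they are members of TBSCertificate itself, not entries in the `[3]` extensions block, which is why looking through the extensions finds nothing. The example below is added here and is not GnuTLS code or Brad's patch: a small DER walker that pulls the two fields out of a certificate and distinguishes them from extensions, run against a constructed, unsigned sample certificate that reproduces the field layout of the dump (dummy key and signature, placeholder names) and carries the same 16 bytes. The `as_windows_guid` helper reads those bytes with the mixed-endian GUID layout Windows uses; that interpretation is an assumption for the example, since the mail only says the values "seem to contain GUID values".

```python
"""Locate issuerUniqueID ([1]) and subjectUniqueID ([2]) in an X.509
TBSCertificate. They are IMPLICIT BIT STRINGs placed directly in the
TBSCertificate, after subjectPublicKeyInfo and before the [3] extensions
block, so they are not found by iterating over extensions."""
import uuid

# context-specific tags at TBSCertificate top level (RFC 5280 section 4.1)
TAG_SEQ, TAG_VERSION, TAG_ISSUER_UID, TAG_SUBJECT_UID, TAG_EXTS = 0x30, 0xA0, 0x81, 0x82, 0xA3


def der_read_tlv(buf, i):
    """Decode the DER TLV at buf[i]; return (tag, value, index after it)."""
    if i + 2 > len(buf):
        raise ValueError("truncated: no tag/length")
    tag, first, i = buf[i], buf[i + 1], i + 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags do not occur in X.509")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or i + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[i:i + n], "big")
        if length < 0x80 or length < (1 << (8 * (n - 1))):
            raise ValueError("non-minimal length is BER, not DER")
        i += n
    if i + length > len(buf):
        raise ValueError("truncated: value")
    return tag, buf[i:i + length], i + length


def bit_string_octets(value):
    """Strip the unused-bits byte of a BIT STRING (the 00 in front of the 16
    bytes in the dump) and enforce the DER padding rules."""
    if not value or value[0] > 7 or (value[0] and len(value) == 1):
        raise ValueError("malformed BIT STRING header")
    if value[0] and value[-1] & ((1 << value[0]) - 1):
        raise ValueError("unused bits must be zero in DER")
    return value[1:]


def unique_ids(cert_der):
    """Walk Certificate -> tbsCertificate and report the optional fields."""
    tag, body, end = der_read_tlv(cert_der, 0)
    if tag != TAG_SEQ or end != len(cert_der):
        raise ValueError("not exactly one Certificate SEQUENCE")
    tag, tbs, _ = der_read_tlv(body, 0)
    if tag != TAG_SEQ:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    found = {"version": 1, "issuerUniqueID": None, "subjectUniqueID": None, "extensions": False}
    i = 0
    while i < len(tbs):
        tag, value, i = der_read_tlv(tbs, i)
        if tag == TAG_VERSION:  # [0] EXPLICIT INTEGER, value 2 means v3
            found["version"] = int.from_bytes(der_read_tlv(value, 0)[1], "big") + 1
        elif tag == TAG_ISSUER_UID:
            found["issuerUniqueID"] = bit_string_octets(value)
        elif tag == TAG_SUBJECT_UID:
            found["subjectUniqueID"] = bit_string_octets(value)
        elif tag == TAG_EXTS:
            found["extensions"] = True
    # RFC 5280 4.1.2.8: the unique identifiers MUST NOT appear in a v1 certificate
    if found["version"] < 2 and (found["issuerUniqueID"] or found["subjectUniqueID"]):
        raise ValueError("unique identifiers present in a v1 certificate")
    return found


def as_windows_guid(raw):
    """Read 16 bytes with the mixed-endian GUID layout Windows uses (uuid's
    bytes_le). Assumption for this example: the mail only says 'seem to be GUIDs'."""
    if len(raw) != 16:
        raise ValueError("a GUID is exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))


# ---- constructed sample: same field layout as the dump, dummy key and signature ----
def tlv(tag, body):
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body


OID_CN, OID_SHA1_RSA = bytes.fromhex("550403"), bytes.fromhex("2b0e03021d")
OID_RSA, OID_BASIC_CONSTRAINTS = bytes.fromhex("2a864886f70d010101"), bytes.fromhex("551d13")


def build_sample_cert(issuer_uid, subject_uid, with_extensions=False):
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(0x13, b"example"))))
    alg = tlv(0x30, tlv(0x06, OID_SHA1_RSA) + tlv(0x05, b""))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, OID_RSA) + tlv(0x05, b"")) + tlv(0x03, b"\x00" * 9))
    validity = tlv(0x30, tlv(0x17, b"100428114154Z") + tlv(0x17, b"110428114154Z"))
    tbs = (tlv(TAG_VERSION, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + name + validity
           + name + spki + tlv(TAG_ISSUER_UID, b"\x00" + issuer_uid)
           + tlv(TAG_SUBJECT_UID, b"\x00" + subject_uid))
    if with_extensions:  # one empty basicConstraints so that [3] is present and well-formed
        tbs += tlv(TAG_EXTS, tlv(0x30, tlv(0x30, tlv(0x06, OID_BASIC_CONSTRAINTS) + tlv(0x04, tlv(0x30, b"")))))
    return tlv(0x30, tlv(0x30, tbs) + alg + tlv(0x03, b"\x00" * 17))  # signature is a placeholder


# the 16 bytes that follow the 00 unused-bits byte at offsets 462 and 481 in the dump
GUID_BYTES = bytes.fromhex("bd8bdca13f743e478d000a4742df76bd")
SAMPLE_CERT = build_sample_cert(GUID_BYTES, GUID_BYTES)

if __name__ == "__main__":
    ids = unique_ids(SAMPLE_CERT)
    for field in ("issuerUniqueID", "subjectUniqueID"):
        print(field, ids[field].hex(), as_windows_guid(ids[field]))
```

The walker deliberately never descends into the `[3]` block: an extension-iterating API would have to be told about `[1]`/`[2]` separately, which is the point of the request. Note that with the Windows byte order the sample bytes decode to a UUID whose version nibble is 4 and whose variant bits are `10`, consistent with a random GUID, and that in the dump the same 16 bytes also appear, byte-reversed, as the serial number.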