[gnutls-devel] gnutls_x509_dn_get_rdn_ava and sequences

Kurt Roeckx kurt at roeckx.be
Fri Jan 24 00:14:19 CET 2014


Hi,

I'm using gnutls_x509_dn_get_rdn_ava() to iterate over the over
all the fields.  One of the fields (irdn 3, iava 0) I get back a
value_tag of 16, and the length is 72.  16 seems to mean that it's
a sequence.  The OID is 2.5.4.16 (PostalAddress).

certtool prints it like: 2.5.4.16=#30480c46[...]
openssl's x509 prints it as: postalAddress=0H\x0CF[...]

The first 2 bytes of the data I see is 0x0C (12), 0x46 (70, 'F'),
so I'm confused why both certtool and openssl put 0x30 ('0'),
0x48 ('H') in front of it.

A hex dump of the file at least shows a "10 30 48 0c 46".

Anyway, the 12, 70 seem to mean that it's an UTF8String of size
70 to me, and I can actually parse it like that succesfully.

I understand that the Postal Address is a sequence since it's
supposed to be a sequence of DirectoryString.

But I'm little confused why gnutls is showing me the data like that.
I was expecting to just get a type 12 (UTF8String) from the
gnutls_x509_dn_get_rdn_ava() since it says it's supposed to model
the sequence of sequences.

This was tested with 3.2.8.1

The certificate is attached.


Kurt

-------------- next part --------------
-----BEGIN CERTIFICATE-----
MIIDwDCCA22gAwIBAgIQAcxbS/CxBrAAAAAAGqIADDAKBgYqhQMCAgMFADCCAS0x
CzAJBgNVBAYTAlJVMRUwEwYDVQQHDAzQodCw0LzQsNGA0LAxGzAZBgNVBAgMEtCh
0LDQvNCw0YDRgdC60LDRjzFRME8GA1UEEDBIDEY0NDMwMTMsINCh0LDQvNCw0YDQ
sCwg0JzQvtGB0LrQvtCy0YHQutC+0LUg0YjQvtGB0YHQtSwgMywg0L7RhNC40YEg
MzAyMR0wGwYJKoZIhvcNAQkBFg5jYUBjcnlwdGV4LnBybzEgMB4GA1UECgwX0J7Q
ntCeINCa0YDQuNC/0YLRjdC60YExRDBCBgNVBAsMO9Cj0LTQvtGB0YLQvtCy0LXR
gNGP0Y7RidC40Lkg0Lgg0LrQu9GO0YfQtdCy0L7QuSDRhtC10L3RgtGAMRAwDgYD
VQQDDAdDUllQVEVYMB4XDTExMDgxNTEzMTI0N1oXDTE2MDgxNTEzMDUwMFowgaMx
CzAJBgNVBAYTAlJVMRUwEwYDVQQHDAzQodCw0LzQsNGA0LAxHjAcBgNVBAgMFTYz
INCh0LDQvNCw0YDRgdC60LDRjzEiMCAGCSqGSIb3DQEJARYTc2VydmljZUBjcnlw
dGV4LnBybzEgMB4GA1UECgwX0J7QntCeINCa0YDQuNC/0YLRjdC60YExFzAVBgNV
BAMMDnRzLmNyeXB0ZXgucHJvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD
C4h7O2jnyFzCUCvi1bepEvYlpPqy9tcC1/yfT0DcAmnDr7sYRksRar1Yi5Y6/Em4
WD0tP/8HuKfSei0nQKo2vI1x2KqMR3dldb4j64Vo/ba307owZY5iWYvrAka7gbGU
zZ6/tYR+66nTeLTny5DV2oljBV+OAl/4XLXjz6hfswIDAQABgQkAMUFBMjAwMDKj
gaMwgaAwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud
EwEB/wQCMAAwHQYDVR0OBBYEFDx3LnKjcPemvfwjvIsm+WoY3M0HMCsGA1UdEAQk
MCKADzIwMTEwODE1MTMxMjQ3WoEPMjAxMjA4MTUxMzEyNDdaMB8GA1UdIwQYMBaA
FOy7IUu+JmatNcWB0YRK0/zZgXozMAoGBiqFAwICAwUAA0EA5oqy7oPaCL12ka6r
gdVCH4J7h5Wv60kjwUkPKGFF8UoPNR3IolfxBEWfq7PPGKcJpxVY1J3z/CvdZ24H
ihpoZA==
-----END CERTIFICATE-----


More information about the Gnutls-devel mailing list