[Help-gnutls] Parsing certificate extensions and issuer alt names
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Jul 14 23:18:19 CEST 2009
Brad Hards wrote:
> On Monday 13 July 2009 16:33:48 Nikos Mavrogiannopoulos wrote:
>> Actually I think it might be much easier to do that inside gnutls by
>> extending get_subject_alt_name() to be able to accept the OID as
>> parameter to parse the 2.5.29.18 extension as well. Then would be easy
>> to submit a gnutls_x509_crt_get_issuer_alt_name that can be added to
>> gnutls.
> I had a first cut at this. See attached patch.
>
> Thoughts / comments?
Looks ok to me. Only some comment:
+ if (strncmp("2.5.29.18", extension_id, 9) == 0)
+ {
+ result = asn1_create_element(_gnutls_get_pkix (),
"PKIX1.IssuerAltName", &c2);
+ }
+ else if (strncmp("2.5.29.17", extension_id, 9) == 0)
Here it should have been strcmp instead of strncmp to avoid having false
positives (such as 2.5.29.17 == 2.5.29.17.24) in some future extension.
If you could send me an updated version I'll commit it.
best regards,
Nikos
More information about the Gnutls-help
mailing list