[gnutls-help] ANNOUNCE: Qt Certificate Addon
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Dec 19 17:49:03 CET 2012
On Sun, Dec 16, 2012 at 10:18 PM, Richard Moore <rich at kde.org> wrote:
> What is it?
> ===========
> Qt Certificate Addon is a framework for creating X.509 certificates using
> Qt. Unlike the read-only support for certificates that's included in the SSL
> module this API allows new certificates, keys and signing requests to be
> created.
Hello Richard,
The API looks reasonable. I don't know where this is intended to be
used, but it may be useful to have some examples of common usage in
the documentation (e.g. how to generate a certificate for a web
server).
I'd also miss key generation on smart card, but this may not be a
popular use-case for a first release. As I see the API it can easily
accommodate that in the future.
> * Key usage
> * Extended key usage
These two proved to be hard to use in the internet. On a survey of
certificates in web servers those values seem to be randomly selected
based on each admin's understanding of the meaning of the values.
> The code is capable of creating certificates, keys and signing requests with
> support for the most common types of certificate extension. The documentation
> is at a reasonable level, there are examples and a moderate level of unit
> tests. I've only tested the code on Linux, but apart from the RandomGenerator
> class it should work fine on all platforms.
Why not use gnutls' gnutls_rnd()?
regards,
Nikos
More information about the Gnutls-help
mailing list