[gnutls-dev] non-ASCII ASN.1 string types
Joe Orton
joe at manyfish.co.uk
Sun Oct 17 16:26:27 CEST 2004
On Sun, Oct 17, 2004 at 03:03:57PM +0200, Nikos Mavrogiannopoulos wrote:
> On Sunday 17 October 2004 13:55, Joe Orton wrote:
>
> > Well I guess the interface is simply not flexible enough for this to be
> > decided by the app, where ultimately it should be. I have no need for
> > 2253-style formatting in neon, I'd prefer to be able to skip RDNs which
> > I can't produce human-readable strings from than show random hex strings
> > to the user.
> Well UCS-2 and UCS-4 certificates are quite rare to come by so in most of the
> cases you have a readable string.
>
> > Ah, yes, I couldn't work out at all what _get_dn_oid was putting the
> > passed-in buffer. Can you explain how the OIDs are formatted in the
> > buffer, or give an example of how I'd do this?
> I don't have an example but in brief you call _get_dn_oid() using a counter
> for index. For value 0 of the counter you get the first OID, which will be
> something like 1.2.3.4.5 (null terminated string).
So the void *oid parameter is really just supposed to be a preallocated
char array into which the OID is written out as a NUL-terminated dotted
decimal string? For me it doesn't seem to put anything in the oid
buffer at all, it just updates the length parameter. Am I doing
something wrong? The lengths look right if they don't include the NUL
terminator, from countryName -> strlen(2.5.4.6) == 7 to emailAddress ->
strlen(1.2.840.113549.1.9.1) == 20.
The scratch code I'm trying is below:
int ret, idx = 0;
do {
char oid[32] = {0};
size_t oidlen = sizeof oid;
ret = name->subject
? gnutls_x509_crt_get_dn_oid(name->cert, idx, oid, &oidlen)
: gnutls_x509_crt_get_issuer_dn_oid(name->cert, idx, oid, &oidlen);
if (ret == 0) {
NE_DEBUG(NE_DBG_SSL, "got oid idx %d, len = %u: [%.*s]: ",
idx, oidlen, (int)oidlen, oid);
NE_DEBUG(NE_DBG_SSL, "oid[0..3] is 0x%x 0x%x 0x%x 0x%x\n",
((int)oid[0]),
((int)oid[1]),
((int)oid[2]),
((int)oid[3]));
idx++;
}
} while (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
the debugging output is:
got oid idx 0, len = 7: []: oid[0..3] is 0x0 0x0 0x0 0x0
got oid idx 1, len = 7: []: oid[0..3] is 0x0 0x0 0x0 0x0
got oid idx 2, len = 7: []: oid[0..3] is 0x0 0x0 0x0 0x0
got oid idx 3, len = 8: []: oid[0..3] is 0x0 0x0 0x0 0x0
got oid idx 4, len = 8: []: oid[0..3] is 0x0 0x0 0x0 0x0
got oid idx 5, len = 7: []: oid[0..3] is 0x0 0x0 0x0 0x0
got oid idx 6, len = 20: []: oid[0..3] is 0x0 0x0 0x0 0x0
More information about the Gnutls-dev
mailing list