Missing gnutls_x509_crq_sest_subject_alternative_name ?

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Sep 18 08:33:26 CEST 2008


David Marín Carreño wrote:
> Hello all.
> 
> As some of you probably know, I am developing gnoMint, a graphical
> X.509 CA manager.
> 
> Some of my users are asking for creating certificates with subject
> alternative names.
> Until now, my procedure for creating new certificates involves the
> initial creation of certificate signing requests.
> 
> Examining the API, it seems that there exists a
> "gnutls_x509_set_subject_alternative_name" that adds an alternative
> name extension to a certificate structure, but it doesn't exist a
> similar function for adding alternative name(s) to certificate
> requests.
> 
> Is there a reason for that? Do you plan to add that function?

I believe the PKCS #10 format we use for requests doesn't explicitly
support this field. I don't know what others (openssl/nss) do in this
respect (maybe it can be added as a custom extension). I'll check it
later today.

regards,
Nikos





More information about the Gnutls-devel mailing list