[patch] Request for review - X509 Issuer Altname handling
simon at josefsson.org
Tue Sep 8 12:49:31 CEST 2009

Brad Hards <bradh at frogmouth.net> writes:

> On Tuesday 08 September 2009 01:59:09 Simon Josefsson wrote:
>> Brad Hards <bradh at frogmouth.net> writes:
>> > I've updated the patch to include the self-test. It is otherwise
>> > unchanged.
>>
>> Thank you! It looks fine except one nit:
>>
>> The code duplication between print_san and print_ian worries me, and the
>> print_san code has been changed since you made the patch so they are not
>> in sync with your patch. Could you instead generalize print_san into a
>> print_an function that takes an additional parameter indicating whether
>> it is printing a SAN or IAN?
>>
>> With that change, it is ready to go in.
>
> It isn't an easy refactoring, but I'm working on it.

Thanks -- a 'bool san' variable, and if-conditions for each gnutls
function call to SAN/IAN functions should suffice.

> During the review, I note that the altname is sanitised if the type is
> GNUTLS_SAN_DNSNAME, GNUTLS_SAN_RFC822NAME or GNUTLS_SAN_URI.
> Should we also sanitise GNUTLS_SAN_DN?

DNs should already be sanitized (they should be in LDAP encoded form),
although I don't have any test certificates for this. Anyway, it is
best to not touch anything else in your patch, to avoid mixing separate
issues in the same patch.
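
The refactoring suggested above (one printing routine with a 'bool san' flag) together with the sanitising step for the three named types, as an added example that is not part of the original message or of GnuTLS. The enum, struct, `get_an` stand-in getter, sample names and output labels are hypothetical, and "sanitised" is assumed here to mean replacing bytes outside printable ASCII with '!'.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins for the GNUTLS_SAN_* types named in the thread. */
enum an_type { AN_DNSNAME, AN_RFC822NAME, AN_URI, AN_DN };
/* Raw bytes plus explicit length: a name may carry an embedded NUL. */
struct altname { enum an_type type; const char *data; size_t len; };
#define LIT(s) s, sizeof(s) - 1
/* Constructed sample names, not taken from any real certificate. */
static const struct altname san_list[] = {
    { AN_DNSNAME, LIT("www.example.org\0.example.net") },
    { AN_URI, LIT("http://example.org/") },
};
static const struct altname ian_list[] = {
    { AN_RFC822NAME, LIT("ca@example.org") },
    { AN_DN, LIT("CN=Example CA,O=Example") },
};
/* Stand-in for the per-call "if (san) subject getter else issuer getter". */
static const struct altname *get_an(bool san, size_t seq) {
    size_t n = san ? sizeof san_list / sizeof *san_list : sizeof ian_list / sizeof *ian_list;
    return seq < n ? (san ? &san_list[seq] : &ian_list[seq]) : NULL;
}

/* Returns bytes replaced, or -1 if seq is past the end or out is too small. */
int print_an(bool san, size_t seq, char *out, size_t outsz) {
    static const char *labels[] = { "DNSname", "RFC822name", "URI", "directoryName" };
    const struct altname *an = get_an(san, seq);
    if (an == NULL) return -1;
    int off = snprintf(out, outsz, "%s Alternative Name: %s: ",
                       san ? "Subject" : "Issuer", labels[an->type]);
    if (off < 0 || (size_t)off + an->len >= outsz) return -1;
    /* Assumed meaning of "sanitised": only these three types are rewritten. */
    bool clean = an->type == AN_DNSNAME || an->type == AN_RFC822NAME || an->type == AN_URI;
    int replaced = 0;
    for (size_t i = 0; i < an->len; i++) {
        unsigned char c = (unsigned char)an->data[i];
        if (clean && (c < 0x20 || c > 0x7e)) { c = '!'; replaced++; }
        out[off++] = (char)c;
    }
    out[off] = '\0';
    return replaced;
}

int main(void) {
    char buf[128];
    for (size_t i = 0; i < 4; i++)
        if (print_an(i < 2, i % 2, buf, sizeof buf) >= 0) puts(buf);
    return 0;
}
```

A non-zero return value marks a name that was altered before printing, which is the case a caller would want to flag.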