RFC - support for subjectUniqueID and issuerUniqueID
Brad Hards
bradh at frogmouth.net
Wed Aug 11 13:56:25 CEST 2010
On Wednesday, August 11, 2010 09:31:58 pm Simon Josefsson wrote:
> Generally, I think we should have an API to extract arbitrary extensions
> instead of adding new APIs for each and every strange extension. I
> think we already have these APIs though?
I agree.
> I don't see any extensions in your certificate though? So I'm not sure
> exactly what fields you are talking about.
These fields aren't an extension. From RFC 3280 (or 5280):
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version MUST be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version MUST be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version MUST be v3
}
> jas at mocca:~$ dumpasn1 cert
> 13 16: INTEGER BD 76 DF 42 47 0A 00 8D 47 3E 74 3F A1 DC 8B BD
This is one of them (I can't tell which, since they're the same for this
cert). UniqueIdentifier is a BIT STRING.
Brad
More information about the Gnutls-devel
mailing list