RFC - support for subjectUniqueID and issuerUniqueID
Simon Josefsson
simon at josefsson.org
Wed Aug 11 14:01:47 CEST 2010
Brad Hards <bradh at frogmouth.net> writes:
> On Wednesday, August 11, 2010 09:31:58 pm Simon Josefsson wrote:
>> Generally, I think we should have an API to extract arbitrary extensions
>> instead of adding new APIs for each and every strange extension. I
>> think we already have these APIs though?
> I agree.
>
>> I don't see any extensions in your certificate though? So I'm not sure
>> exactly what fields you are talking about.
> These fields aren't an extension. From RFC 3280 (or 5280):
> TBSCertificate ::= SEQUENCE {
> version [0] EXPLICIT Version DEFAULT v1,
> serialNumber CertificateSerialNumber,
> signature AlgorithmIdentifier,
> issuer Name,
> validity Validity,
> subject Name,
> subjectPublicKeyInfo SubjectPublicKeyInfo,
> issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
> -- If present, version MUST be v2 or v3
> subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
> -- If present, version MUST be v2 or v3
> extensions [3] EXPLICIT Extensions OPTIONAL
> -- If present, version MUST be v3
> }
>
>> jas at mocca:~$ dumpasn1 cert
>> 13 16: INTEGER BD 76 DF 42 47 0A 00 8D 47 3E 74 3F A1 DC 8B BD
> This is one of them (I can't tell which, since they're the same for this
> cert). UniqueIdentifier is a BIT STRING.
Ah, thanks. Then I believe we should have native APIs for it, since the
fields are so tied in with the core format.
/Simon
More information about the Gnutls-devel
mailing list