From nmav at gnutls.org Wed Feb 6 15:07:48 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Wed, 6 Feb 2002 16:07:48 +0200
Subject: [Help-gnutls] Checking hostname against certificate
In-Reply-To: <20020128192935.GA8505@mcdonald.org.uk>
References: <20020127212237.GA18461@mcdonald.org.uk> <20020128101308.07d395a3.nmav@gnutls.org> <20020128192935.GA8505@mcdonald.org.uk>
Message-ID: <20020206160748.5544da98.nmav@gnutls.org>

On Mon, 28 Jan 2002 19:29:36 +0000 Andrew McDonald wrote:

> > This function was never tested.. Please, send me the certificate that
> > contains the dnsname, email extensions, so I can give it a test (and a fix).
> > > 2.5.29.17 is the OID for an AltName extension. How does
> > > _gnutls_get_extension know you want the dNSName?
> > it does not :)
> Ah. Good. I was a bit worried that I couldn't see how it could possibly
> do what it was supposed to. :-)

I've just committed a corrected function. The prototype is now:

typedef enum GNUTLS_X509_SUBJECT_ALT_NAME {
    GNUTLS_SAN_DNSNAME=1, GNUTLS_SAN_RFC822NAME,
    GNUTLS_SAN_URI, GNUTLS_SAN_IPADDRESS
} GNUTLS_X509_SUBJECT_ALT_NAME;

/**
 * gnutls_x509_extract_subject_alt_name - This function returns the peer's alt name, if any
 * @cert: should contain an X.509 DER encoded certificate
 * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
 * @type: Holds the alternative's name type
 * @ret: is the place where dns name will be copied to
 * @ret_size: holds the size of ret.
 *
 * This function will return the alternative name (the dns part of it), contained in the
 * given certificate.
 *
 * This is specified in X509v3 Certificate Extensions.
 * GNUTLS will return the Alternative name, or a negative
 * error code.
 * Returns GNUTLS_E_MEMORY_ERROR if ret_size is not enough to hold the alternative name,
 * or the size of alternative name if everything was ok.
 *
 * If the certificate does not have an Alternative name then returns GNUTLS_E_DATA_NOT_AVAILABLE;
 *
 **/
int gnutls_x509_extract_subject_alt_name(const gnutls_datum * cert, int seq,
        GNUTLS_X509_SUBJECT_ALT_NAME* type, char *ret, int *ret_size);

I know this is more complex... but subjectAltName extension is also a complex one :)

> Regards,
>
>
> Andrew
> --
> Andrew McDonald
> E-mail: andrew at mcdonald.org.uk
> http://www.mcdonald.org.uk/andrew/
>

--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org

From andrew at mcdonald.org.uk Wed Feb 6 23:13:21 2002
From: andrew at mcdonald.org.uk (Andrew McDonald)
Date: Wed, 6 Feb 2002 22:13:21 +0000
Subject: [Help-gnutls] Checking hostname against certificate
In-Reply-To: <20020206160748.5544da98.nmav@gnutls.org>
References: <20020127212237.GA18461@mcdonald.org.uk> <20020128101308.07d395a3.nmav@gnutls.org> <20020128192935.GA8505@mcdonald.org.uk> <20020206160748.5544da98.nmav@gnutls.org>
Message-ID: <20020206221321.GB21009@mcdonald.org.uk>

On Wed, Feb 06, 2002 at 04:07:48PM +0200, Nikos Mavroyanopoulos wrote:
> On Mon, 28 Jan 2002 19:29:36 +0000 Andrew McDonald wrote:
>
> > > This function was never tested.. Please, send me the certificate
> > > that contains the dnsname, email extensions, so I can give it a
> > > test (and a fix).
> > > > 2.5.29.17 is the OID for an AltName extension. How does
> > > > _gnutls_get_extension know you want the dNSName?
> > > it does not :)
> > Ah. Good. I was a bit worried that I couldn't see how it could possibly
> > do what it was supposed to. :-)
> I've just committed a corrected function. The prototype is now:
[snip]
>
> I know this is more complex... but subjectAltName extension is also a
> complex one :)

Yes. It looks more sensible than the previous one did for this. Thanks.

I'm currently having trouble building from CVS:
../src/asn1c gnutls.asn gnutls_asn1_tab.c
make[2]: ../src/asn1c: Command not found
make[2]: [gnutls_asn1_tab.c] Error 127 (ignored)

Is there a bootstrapping problem here?
- It looks like asn1c needs libgnutls.la and libgnutls.la needs asn1c.
Copying an asn1c from a previous build gave me a parse error on gnutls.asn.

Andrew
--
Andrew McDonald
E-mail: andrew at mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/

From nmav at gnutls.org Thu Feb 7 15:57:43 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu, 7 Feb 2002 16:57:43 +0200
Subject: [Help-gnutls] Checking hostname against certificate
In-Reply-To: <20020206221321.GB21009@mcdonald.org.uk>
References: <20020127212237.GA18461@mcdonald.org.uk> <20020128101308.07d395a3.nmav@gnutls.org> <20020128192935.GA8505@mcdonald.org.uk> <20020206160748.5544da98.nmav@gnutls.org> <20020206221321.GB21009@mcdonald.org.uk>
Message-ID: <20020207165743.51ac256e.nmav@gnutls.org>

On Wed, 6 Feb 2002 22:13:21 +0000 Andrew McDonald wrote:

> Yes. It looks more sensible than the previous one did for this. Thanks.
> I'm currently having trouble building from CVS:
> ../src/asn1c gnutls.asn gnutls_asn1_tab.c
> make[2]: ../src/asn1c: Command not found
> make[2]: [gnutls_asn1_tab.c] Error 127 (ignored)
> Is there a bootstrapping problem here? - It looks like asn1c needs
> libgnutls.la and libgnutls.la needs asn1c. Copying an asn1c from a
> previous build gave me a parse error on gnutls.asn.

This is the chicken and egg problem. I've added the missing .c
file to the cvs.
>
>
> Andrew
> --
> Andrew McDonald
> E-mail: andrew at mcdonald.org.uk
> http://www.mcdonald.org.uk/andrew/
>
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> http://mail.gnu.org/mailman/listinfo/help-gnutls

--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org

From andrew at mcdonald.org.uk Fri Feb 8 23:45:42 2002
From: andrew at mcdonald.org.uk (Andrew McDonald)
Date: Fri, 8 Feb 2002 22:45:42 +0000
Subject: [Help-gnutls] Checking hostname against certificate
In-Reply-To: <20020207165743.51ac256e.nmav@gnutls.org>
References: <20020127212237.GA18461@mcdonald.org.uk> <20020128101308.07d395a3.nmav@gnutls.org> <20020128192935.GA8505@mcdonald.org.uk> <20020206160748.5544da98.nmav@gnutls.org> <20020206221321.GB21009@mcdonald.org.uk> <20020207165743.51ac256e.nmav@gnutls.org>
Message-ID: <20020208224541.GC13072@mcdonald.org.uk>

On Thu, Feb 07, 2002 at 04:57:43PM +0200, Nikos Mavroyanopoulos wrote:
> On Wed, 6 Feb 2002 22:13:21 +0000 Andrew McDonald wrote:
>
> > Yes. It looks more sensible than the previous one did for this. Thanks.
> > I'm currently having trouble building from CVS:
[snip]
> This is the chicken and egg problem. I've added the missing .c
> file to the cvs.

Having got the CVS version of gnutls to build,
gnutls_x509_extract_subject_alt_name seems to be working ok.

Many thanks,

Andrew
--
Andrew McDonald
E-mail: andrew at mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
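
Added example, not part of the thread and not GnuTLS code: a sketch of the hostname check the subject line refers to, walking the alt names by sequence number and matching only dNSName entries. struct san_entry, dns_match and check_hostname are hypothetical names; the constructed array stands in for what successive seq calls to gnutls_x509_extract_subject_alt_name would return, and the single-label wildcard rule is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Same name types and values as the enum posted in the thread. */
typedef enum { SAN_DNSNAME = 1, SAN_RFC822NAME, SAN_URI, SAN_IPADDRESS } san_type;
/* Hypothetical: one decoded alt name (type, bytes, returned size). */
struct san_entry { san_type type; const char *data; size_t size; };
#define E(t, s) { t, s, sizeof(s) - 1 }
/* Constructed sample entries; the last dNSName has a NUL byte inside it. */
static const struct san_entry SAMPLE[] = {
    E(SAN_RFC822NAME, "admin@example.org"),
    E(SAN_DNSNAME, "*.example.org"),
    E(SAN_DNSNAME, "login.example.net\0.other.test"),
};

/* Compare one dNSName (length given, not NUL-terminated) with the host. */
static int dns_match(const char *pat, size_t len, const char *host)
{
    if (memchr(pat, '\0', len) != NULL)
        return 0;              /* embedded NUL: strcmp() would stop early */
    if (len > 2 && pat[0] == '*' && pat[1] == '.') {
        const char *dot = strchr(host, '.');
        /* wildcard covers exactly one leftmost label, never a bare TLD */
        if (dot == NULL || dot == host || memchr(pat + 2, '.', len - 2) == NULL)
            return 0;
        host = dot; pat++; len--;
    }
    return strlen(host) == len && strncasecmp(pat, host, len) == 0;
}

/* 1: a dNSName matches; 0: dNSNames present, none match;
 * -1: no dNSName at all (the DATA_NOT_AVAILABLE case for this type). */
int check_hostname(const struct san_entry *san, size_t n, const char *host)
{
    int seen_dns = 0;
    for (size_t seq = 0; seq < n; seq++) {
        if (san[seq].type != SAN_DNSNAME)
            continue;          /* skip e-mail, URI and IP address entries */
        seen_dns = 1;
        if (dns_match(san[seq].data, san[seq].size, host))
            return 1;
    }
    return seen_dns ? 0 : -1;
}

int main(void)
{
    const char *hosts[] = { "www.example.org", "a.b.example.org", "login.example.net" };
    for (size_t i = 0; i < 3; i++)
        printf("%-18s -> %d\n", hosts[i], check_hostname(SAMPLE, 3, hosts[i]));
    return 0;
}
```

The third sample entry is why the comparison uses the returned size rather than strlen(): a name with an embedded NUL is rejected instead of being compared as its truncated prefix.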