[Help-gnutls] Re: Really I can not understand nothing of SSL...
Simon Josefsson
jas at extundo.com
Mon Aug 8 15:41:24 CEST 2005
Andrew Suffield <asuffield at suffields.me.uk> writes:
> On Mon, Aug 08, 2005 at 02:34:04PM +0200, Simon Josefsson wrote:
>> > Why certtool request for a int number for serial?, if I think that
>> > should be >= unsigned long long (64 bit):
>>
>> Hello. 'Unsigned long long' is a non-standard C extension, is it not?
>> We want the code to work with standard compilers.
>
> No, it's C99. If you'd rather have POSIX, use uint64_t.
I believe the goal is for GnuTLS to work on C89 platforms. 'long
long' isn't used by GnuTLS today. Further, according to:
http://www.opengroup.org/onlinepubs/009695399/basedefs/stdint.h.html
uint64_t is not required by POSIX, it is optional. uint64_t is also
not used by GnuTLS today. So I don't think neither is a good solution
here.
X.509 serials are frequently larger than 64 and even 128 bits, so the
real solution would be to make get_serial return a hex string instead.
Then we won't have arbitrary limits, be them 32, 64 or 128 bits.
Fixing that look rather simple; patches welcome.
Regards,
Simon
More information about the Gnutls-help
mailing list