[Help-gnutls] Re: Really I can not understand nothing of SSL...

Simon Josefsson jas at extundo.com
Tue Aug 9 13:13:19 CEST 2005


Fran <e_agf at yahoo.es> writes:

> What does a stupid programmer like me need here?
> It's easy:
> - Extract the visible parameters, like serial, CN, Issuer, etc... (real
> world)
> Why?
> Common name and serial identify a certificate ->> Identify a user.
>
> What is the problem? If I make a struct to store the visible parameters, I
> do not know sizeof(serial). It could be stored as a hexadecimal number, but
> a hexadecimal number is very difficult to manage. (The limit is in the
> sky)

There are many options, but the most flexible is probably to use a
real bignum library.  There is one in libgcrypt, which GnuTLS uses.

>> gnutls_x509_crt_get_serial (cert, serial, &serial_size) >= 0)
>
> Isn't hexadecimal, decimal.
>
> 1,844674407 E19 /* puuufff */
> X509_useful.serial = strtoll (raw_to_string (serial, serial_size), NULL,
> 10); /* bug, bug,bug, if expected size > 2^64 */

Right, strtoll will only work for small integers.

>>If this is important for you, please propose a patch for
>> inclusion.
>
> Some time ago I sent you some ideas about other things >> trash.

If I don't have time to implement ideas, I try to write them down into
TODO.  Are your ideas in there?  Code, on the other hand, doesn't
write itself...

Cheers,
Simon
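
An alternative to the bignum route mentioned above, shown as an added example that is not part of the original message or of GnuTLS: when a serial only has to be stored, compared and printed, it can be kept as the raw big-endian bytes that gnutls_x509_crt_get_serial returns, with no integer conversion. The struct and function names are hypothetical, the sample bytes are constructed, the 20-octet bound is the RFC 5280 limit for conforming CAs, and serials are assumed to be non-negative.

```c
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX 20   /* RFC 5280: conforming CAs use at most 20 octets */

struct cert_serial {    /* hypothetical type, not part of GnuTLS */
    unsigned char bytes[SERIAL_MAX];
    size_t len;
};

/* Store raw big-endian serial bytes, dropping leading zero octets so equal
 * values compare equal. Returns 0, or -1 if empty or longer than SERIAL_MAX. */
int serial_set(struct cert_serial *s, const unsigned char *raw, size_t n)
{
    while (n > 1 && raw[0] == 0x00) { raw++; n--; }
    if (n == 0 || n > SERIAL_MAX) return -1;
    memcpy(s->bytes, raw, n);
    s->len = n;
    return 0;
}

int serial_equal(const struct cert_serial *a, const struct cert_serial *b)
{
    return a->len == b->len && memcmp(a->bytes, b->bytes, a->len) == 0;
}

/* Write the serial as lowercase hex. Returns 0, or -1 if out is too small. */
int serial_to_hex(const struct cert_serial *s, char *out, size_t outsz)
{
    static const char digits[] = "0123456789abcdef";
    if (outsz < 2 * s->len + 1) return -1;
    for (size_t i = 0; i < s->len; i++) {
        out[2 * i]     = digits[s->bytes[i] >> 4];
        out[2 * i + 1] = digits[s->bytes[i] & 0x0f];
    }
    out[2 * s->len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: a 9-byte value, larger than 2^64, with a DER sign pad */
    const unsigned char raw[] = { 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01 };
    struct cert_serial s;
    char hex[2 * SERIAL_MAX + 1];

    if (serial_set(&s, raw, sizeof raw) != 0 || serial_to_hex(&s, hex, sizeof hex) != 0)
        return 1;
    printf("serial: %s (%zu bytes)\n", hex, s.len);
    return 0;
}
```

In real use the raw buffer and its length would come from gnutls_x509_crt_get_serial; a serial longer than SERIAL_MAX is rejected here rather than truncated.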




