[Help-gnutls] Re: Really I can not understand nothing of SSL...
Fran
e_agf at yahoo.es
Tue Aug 9 17:50:37 CEST 2005
> There are many options, but the most flexible is probably to use a
> real bignum library. There is one in libgcrypt, which GnuTLS uses.
Thanks, that seems a good choice; but I think (in my opinion) that the serial
number should be unique (not int here and BIGNUM there).
> Right, strtoll will only work for small integers.
Right
> If I don't have time to implement ideas, I try to write them down into
> TODO. Are your ideas in there? Code, on the other hand, doesn't
> write itself...
Ideas = tar.gz archive with C code (as well as I can). Skeleton of interface + Makefile for examples/doc
Another thing: in 1.2.4, for one certificate, dn_size is:
gnutls_x509_crt_get_dn -> 111 bytes
gnutls_x509_crt_get_issuer_dn -> 98 bytes
Now, for the same certificate, in 1.2.6:
- 110 bytes and 97 bytes
Is that OK?
And I cannot copy issuer_dn (I can print it) with strncpy, snprintf or
memcpy (segfault), only with (dn_size - 40); store size 256 > 97.
Is the returned size correct? It seems to be bigger.
> dn_size = sizeof (dn);
> ret = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
> if (ret >= 0)
> {
> ..."Saving to Useful:sizeof store %u, %s (%u bytes)", sizeof(X509_useful.issuer_client),dn, dn_size);
> snprintf (X509_useful.issuer_client, 254, "%s", dn); /*Work ok*/
> ..."Printing; %s (%u bytes)", dn, dn_size);
>
> ..."Subject: %s", X509_useful.issuer_client);
> }
> else
> {
> ..."get_dn: %s", gnutls_strerror (ret));
> };
> /* Issuer
> */
> ret = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
> if (ret >= 0)
> {
> ..."Saving to Useful: sizeof store %u, %s (%u bytes) to copy %u", sizeof(r->X509_useful.issuer_ca),dn, d
> /*snprintf ()*/
> /* strncpy (r->X509_useful.issuer_ca, dn, dn_size - 10 );*/
> memcpy (r->X509_useful.issuer_ca, dn, dn_size - 10 );/*Do not work*/
> ..."Printing; %s (%u bytes) to copy %u", dn, dn_size, dn_size - 10 );
> ..."Issuer: %s", X509_useful.issuer_ca);
> }
> else
> {
> ..."get_issuer_dn: %s", gnutls_strerror (ret));
> };
>
------------------
> if (cbuf == NULL)
> *sizeof_buf = 0;
>
>
> len = *sizeof_buf;
> result =
> asn1_read_value(asn1_struct, tmpbuffer3, buf, &len);<------------
>
> if (result != ASN1_SUCCESS) {
> gnutls_assert();
> if (result==ASN1_MEM_ERROR)
> ------->*sizeof_buf = len;
> result = _gnutls_asn2err(result);
> goto cleanup;
> }
>
> if (raw_flag != 0) {
> if ((uint) len > *sizeof_buf) {
> -----> *sizeof_buf = len;
> result = GNUTLS_E_SHORT_MEMORY_BUFFER;
> goto cleanup;
> }
> -------->*sizeof_buf = len;
>
> return 0;
>
> } else { /* parse data. raw_flag == 0 */
> printable = _gnutls_x509_oid_data_printable(oid);
> if (printable == 1)
> result =
> _gnutls_x509_oid_data2string(oid, buf, len,
> cbuf, sizeof_buf);
> else
> result =
> _gnutls_x509_data2hex(buf, len, cbuf,
> sizeof_buf);
>
> if (result < 0) {
> gnutls_assert();
> goto cleanup;
> }
>
> return 0;
>
Regards,
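
The in/out size contract visible in the quoted library code (on a short buffer the size argument is overwritten with the needed length and an error is returned), as an added example that is not part of the original message or of GnuTLS. `model_get_dn`, `store_dn`, `fill_store`, `stale_size_demo`, `struct dn_store` and the error value are hypothetical stand-ins, and the model assumes the needed length counts the terminating NUL while the success length does not.

```c
#include <string.h>

#define E_SHORT_BUFFER (-1) /* constructed error code for this model */
struct dn_store { char subject[256]; char issuer[256]; }; /* hypothetical */

/* Stand-in getter (not GnuTLS): *size is the capacity on entry; on success
 * it becomes the string length, on a short buffer the capacity required. */
static int model_get_dn(const char *dn, char *buf, size_t *size)
{
    size_t need = strlen(dn) + 1; /* room for the terminating NUL */
    if (buf == NULL || *size < need) { *size = need; return E_SHORT_BUFFER; }
    memcpy(buf, dn, need);
    *size = need - 1;
    return 0;
}

/* Copy bounded by the destination capacity; refuse rather than truncate. */
static int store_dn(char *dst, size_t cap, const char *src, size_t len)
{
    if (dst == NULL || len >= cap) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Fetch both names, resetting the in/out size before each call. */
static int fill_store(struct dn_store *s, const char *subj, const char *iss)
{
    char dn[128];
    size_t dn_size = sizeof(dn);
    if (s == NULL || model_get_dn(subj, dn, &dn_size) != 0 ||
        store_dn(s->subject, sizeof(s->subject), dn, dn_size) != 0)
        return -1;
    dn_size = sizeof(dn); /* the previous call overwrote it */
    if (model_get_dn(iss, dn, &dn_size) != 0)
        return -1;
    return store_dn(s->issuer, sizeof(s->issuer), dn, dn_size);
}

/* Without the reset: returns the capacity the getter then asks for. */
static size_t stale_size_demo(const char *shorter, const char *longer)
{
    char dn[128];
    size_t dn_size = sizeof(dn);
    (void)model_get_dn(shorter, dn, &dn_size); /* now strlen(shorter) */
    return model_get_dn(longer, dn, &dn_size) == E_SHORT_BUFFER ? dn_size : 0;
}
int main(void) {
    struct dn_store s; /* constructed sample names below */
    return fill_store(&s, "CN=client", "CN=ca") || !stale_size_demo("CN=a", "CN=longer");
}
```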