[Help-gnutls] Re: Really I can not understand nothing of SSL...

Simon Josefsson jas at extundo.com
Wed Aug 10 11:15:12 CEST 2005

Fran <e_agf at yahoo.es> writes:

>> There are many options, but the most flexible is probably to use a
>> real bignum library.  There is one in libgcrypt, which GnuTLS uses.
> Thanks, seems good choice; but I think (in my opinion) that serial
> number should be unique (not int here and BIGNUM there).

Agreed, but the GnuTLS API never uses int for X.509 serials.  The tool
does, but it has to convert it to a printable format somehow.
Arguable it should use libgcrypt..

>> Right, strtoll will only work for small integers.
> Right
>> If I don't have time to implement ideas, I try to write them down into
>> TODO.  Are your ideas in there?  Code, on the other hand, doesn't
>> write itself...
> Ideas = tar.gz archive with C code (as well I can). Skeleton of interface  + Makefile for examples/doc

I fixed the examples now, they should be built during a normal build,
so any problems should be spotted easily.  I don't recall the other
matters, do you have a message-id or something?

> Another thing, in 1.2.4 one certificate dn_size for  
> gnutls_x509_crt_get_dn -> 111 bytes
> gnutls_x509_crt_get_issuer_dn -> 98 bytes
> now, the same certificate, in 1.2.6
> - 110 bytes and 97bytes
> ¿It is ok?

Yes, see NEWS:

- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn,
  reported by Adam Langley <alangley at gmail.com>.


More information about the Gnutls-help mailing list