From marlam at web.de Wed Jan 5 18:51:11 2005
From: marlam at web.de (Martin Lambers)
Date: Wed, 5 Jan 2005 18:51:11 +0100
Subject: [Help-gnutls] gnutls_x509_crt_get_dn() and similar functions
Message-ID: <20050105175111.GA23323@cthulhu.lambers.home>

Hi!

I use gnutls 1.1.22.

I'm trying to get information about the peer's certificate and then
print it. Since I don't want to use static buffers, I try to find out
which size each buffer must have. I have two problems:

1. To get the needed buffer length for the DN, I use
       size = 0;
       gnutls_x509_crt_get_dn(cert, NULL, &size);
   However, this seems to return the length of the string, not the
   buffer size, so that I have to do
       size++;
   before I can do
       buf = xmalloc(size);
       gnutls_x509_crt_get_dn(cert, buf, &size);
   The documentation talks about buffer size, not string length, which
   is misleading.
   As a local fix, I changed the lines 283 and 292 in lib/x509/dn.c from
       *sizeof_buf = out_str.length;
   to
       *sizeof_buf = out_str.length + 1;
   so that the function returns the buffer size, not the string length.

2. I use gnutls_x509_get_dn_by_oid() to get certain fields from the DN:
       size_t size = 0;
       gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
           0, 0, NULL, &size);
   This does not set size to the needed value at all.
   Adding a line 426 to lib/x509/dn.c
       *sizeof_buf = len;
   fixes this problem for me, but I'm not sure that this is the proper
   solution since I'm not familiar with the asn1_* functions.

The same problems occur with the current stable version.

Best regards,
Martin Lambers

From jas at extundo.com Wed Jan 5 20:12:27 2005
From: jas at extundo.com (Simon Josefsson)
Date: Wed, 05 Jan 2005 20:12:27 +0100
Subject: [Help-gnutls] Re: gnutls_x509_crt_get_dn() and similar functions
In-Reply-To: <20050105175111.GA23323@cthulhu.lambers.home> (Martin Lambers's message of "Wed, 5 Jan 2005 18:51:11 +0100")
References: <20050105175111.GA23323@cthulhu.lambers.home>
Message-ID:

Martin Lambers writes:

> Hi!
>
> I use gnutls 1.1.22.
>
> I'm trying to get information about the peer's certificate and then
> print it. Since I don't want to use static buffers, I try to find out
> which size each buffer must have. I have two problems:
>
> 1. To get the needed buffer length for the DN, I use
>        size = 0;
>        gnutls_x509_crt_get_dn(cert, NULL, &size);
>    However, this seems to return the length of the string, not the
>    buffer size, so that I have to do
>        size++;
>    before I can do
>        buf = xmalloc(size);
>        gnutls_x509_crt_get_dn(cert, buf, &size);
>    The documentation talks about buffer size, not string length, which
>    is misleading.
>    As a local fix, I changed the lines 283 and 292 in lib/x509/dn.c from
>        *sizeof_buf = out_str.length;
>    to
>        *sizeof_buf = out_str.length + 1;
>    so that the function returns the buffer size, not the string length.

I believe I have fixed this in CVS, for both branches.

> 2. I use gnutls_x509_get_dn_by_oid() to get certain fields from the DN:
>        size_t size = 0;
>        gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
>            0, 0, NULL, &size);
>    This does not set size to the needed value at all.
>    Adding a line 426 to lib/x509/dn.c
>        *sizeof_buf = len;
>    fixes this problem for me, but I'm not sure that this is the proper
>    solution since I'm not familiar with the asn1_* functions.

This appears to have already been solved in CVS, for the development
branch. Try a daily snapshot, they are almost as stable as the proper
releases. Let me know if you need it in 1.0 as well. The fix was
similar to what you propose.

Thanks,
Simon

From marlam at web.de Wed Jan 5 23:54:40 2005
From: marlam at web.de (Martin Lambers)
Date: Wed, 5 Jan 2005 23:54:40 +0100
Subject: [Help-gnutls] Re: gnutls_x509_crt_get_dn() and similar functions
In-Reply-To:
References: <20050105175111.GA23323@cthulhu.lambers.home>
Message-ID: <20050105225440.GA21772@cthulhu.lambers.home>

On Wed, 05. Jan 2005, 20:12:27 +0100, Simon Josefsson wrote:
> > 2. I use gnutls_x509_get_dn_by_oid() to get certain fields from the DN:
> >        size_t size = 0;
> >        gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
> >            0, 0, NULL, &size);
> >    This does not set size to the needed value at all.
> >    Adding a line 426 to lib/x509/dn.c
> >        *sizeof_buf = len;
> >    fixes this problem for me, but I'm not sure that this is the proper
> >    solution since I'm not familiar with the asn1_* functions.
>
> This appears to have already been solved in CVS, for the development
> branch. Try a daily snapshot, they are almost as stable as the proper
> releases.

gnutls-20050105 works nicely. Thanks!

> Let me know if you need it in 1.0 as well.

That would be nice, because I plan to use gnutls_x509_get_dn_by_oid() in
msmtp soon. But it's not really important; I can also update the
dependency to GnuTLS >= 1.1.23.

Thanks for your help!
Martin

From jas at extundo.com Thu Jan 6 01:36:47 2005
From: jas at extundo.com (Simon Josefsson)
Date: Thu, 06 Jan 2005 01:36:47 +0100
Subject: [Help-gnutls] Re: gnutls_x509_crt_get_dn() and similar functions
In-Reply-To: <20050105225440.GA21772@cthulhu.lambers.home> (Martin Lambers's message of "Wed, 5 Jan 2005 23:54:40 +0100")
References: <20050105175111.GA23323@cthulhu.lambers.home> <20050105225440.GA21772@cthulhu.lambers.home>
Message-ID:

Martin Lambers writes:

>> Let me know if you need it in 1.0 as well.
>
> That would be nice, because I plan to use gnutls_x509_get_dn_by_oid() in
> msmtp soon. But it's not really important; I can also update the
> dependency to GnuTLS >= 1.1.23.

Perhaps you could do the latter, to get more people to install 1.1...

Releasing the 1.1 branch as 1.2 would help with that goal, as well, I
guess. And doing that is severely overdue anyway.

Hence: Unless anyone speaks up and tells us what's wrong with the 1.1.x
branch, I will release it as version 1.2 when/if I get back from skiing.
You have two weeks.

Thanks,
Simon
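
The size-query pattern discussed in this thread, as an added example that is not part of the original messages and is not GnuTLS code: a caller-side fetch loop that allocates correctly whether the query reports the string length (the behaviour reported for 1.1.22) or the buffer size including the terminating NUL (the fixed behaviour). The two model_* getters, E_SHORT_BUFFER, fetch_string and the sample DN are constructed stand-ins assumed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define E_SHORT_BUFFER (-1) /* hypothetical; GnuTLS's is GNUTLS_E_SHORT_MEMORY_BUFFER */
static const char SAMPLE_DN[] = "C=DE,O=Example,CN=mail.example.org"; /* constructed */
typedef int (*getter_fn)(char *buf, size_t *size); /* in/out size, assumed shape */

/* Model of the behaviour reported for 1.1.22: reports the string length. */
static int model_reports_strlen(char *buf, size_t *size) {
    size_t len = strlen(SAMPLE_DN);
    if (buf == NULL || *size < len + 1) { *size = len; return E_SHORT_BUFFER; }
    memcpy(buf, SAMPLE_DN, len + 1);
    return 0;
}

/* Model of the fixed behaviour: reports the size including the NUL. */
static int model_reports_bufsize(char *buf, size_t *size) {
    size_t len = strlen(SAMPLE_DN);
    if (buf == NULL || *size < len + 1) { *size = len + 1; return E_SHORT_BUFFER; }
    memcpy(buf, SAMPLE_DN, len + 1);
    return 0;
}

/* Query the size, then fetch; correct under either convention.
 * Returns a malloc'd string (caller frees) or NULL; *attempts counts fetches. */
char *fetch_string(getter_fn get, int *attempts) {
    size_t cap = 0, size = 0;
    char *buf = NULL;
    int rc = get(NULL, &size);                      /* size query */
    for (*attempts = 0; rc == E_SHORT_BUFFER; ++*attempts) {
        size_t want = size > cap ? size : cap + 1;  /* always grow */
        char *tmp = realloc(buf, want);
        if (tmp == NULL) break;
        buf = tmp;
        size = cap = want;                          /* offer exactly cap bytes */
        rc = get(buf, &size);
    }
    if (rc != 0 || buf == NULL) { free(buf); return NULL; }
    return buf;
}

int main(void) {
    int n_old = 0, n_new = 0;
    char *a = fetch_string(model_reports_strlen, &n_old);
    char *b = fetch_string(model_reports_bufsize, &n_new);
    if (a && b) printf("%s (%d fetches)\n%s (%d fetches)\n", a, n_old, b, n_new);
    free(a); free(b);
    return 0;
}
```

Under the string-length model the first fetch is one byte short and the loop retries once; the buffer is never written past its allocation in either case.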