[Help-gnutls] Re: Verifying subjectAltNames

Matthias Wimmer m at tthias.eu
Wed Feb 7 22:28:08 CET 2007


Hi Simon!


I now implemented checking of id-on-xmppAddr in the RFC 3920 server 
using libtasn1 directly (to be compatible with existing versions of GnuTLS).

But I am still interested in having direct id-on-xmppAddr support in 
GnuTLS, so I continued thinking about an interface: I don't think that 
our initial idea would be working. (Having one or two functions 
returning the OID for an otherName and its content.)
This won't work, as I think we cannot know the content of the 
otherName.value part. In case of id-on-xmppAddr it is an UTF8String, but 
I guess it might also use other string representations. So we will still 
be only able to return known types of otherName. Right?
So if I am not wrong, we should be able to just extend 
gnutls_x509_subject_alt_name_t to be able to represent id-on-xmppAddr 
and report the new value back in gnutls_x509_crt_get_subject_alt_name().


Matthias





More information about the Gnutls-help mailing list