[Help-gnutls] Re: Verifying subjectAltNames
m at tthias.eu
Wed Feb 7 22:28:08 CET 2007
I now implemented checking of id-on-xmppAddr in the RFC 3920 server
using libtasn1 directly (to be compatible with existing versions of GnuTLS).
But I am still interested in having direct id-on-xmppAddr support in
GnuTLS, so I continued thinking about an interface: I don't think that
our initial idea would be working. (Having one or two functions
returning the OID for an otherName and its content.)
This won't work, as I think we cannot know the content of the
otherName.value part. In case of id-on-xmppAddr it is an UTF8String, but
I guess it might also use other string representations. So we will still
be only able to return known types of otherName. Right?
So if I am not wrong, we should be able to just extend
gnutls_x509_subject_alt_name_t to be able to represent id-on-xmppAddr
and report the new value back in gnutls_x509_crt_get_subject_alt_name().
More information about the Gnutls-help