[Help-gnutls] Verifying subjectAltNames
Matthias Wimmer
m at tthias.eu
Fri Jan 26 02:26:47 CET 2007
Hi!

I am trying to find out how to verify subjectAltNames using GnuTLS. For
that I need to check the id-on-xmppAddr as a UTF8String inside an
otherName entity, which in turn is inside the subjectAltName extension.
(This is needed by a server implementation of RFC 3920 which I am
porting from OpenSSL to GnuTLS.)

I first tried to do this using gnutls_x509_crt_get_subject_alt_name(), as
the comments on this function state:
"GNUTLS will return the Alternative name (2.5.29.17), or a negativ error
code."

This does not seem to be true, as this function does not return complete
subjectAltName data, but only parts of it (the hostname). When trying to
read id-on-xmppAddr data inside otherName, GnuTLS just returns an error.
I would highly recommend that the function description be
adapted to note that this function cannot be used to access arbitrary
subjectAltName extensions.

So I tried to use gnutls_x509_crt_get_extension_by_oid(), which returns
the subjectAltName extension containing what I am looking for.
The question now is: does GnuTLS support me in processing the returned DER
data, or do I have to use libtasn for further processing?

Thank you for any feedback.

Matthias
--
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
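
The structure asked about above, walked by hand in plain C as an added example (not part of the original post and not GnuTLS or libtasn code). It assumes the input is the DER value of the 2.5.29.17 extension, as gnutls_x509_crt_get_extension_by_oid() is described as returning; `tlv`, `san_get_xmpp_addr` and the `SAMPLE_SAN` bytes are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>
/* DER content bytes of id-on-xmppAddr, OID 1.3.6.1.5.5.7.8.5 (RFC 3920) */
static const unsigned char XMPP_OID[] = {0x2B,6,1,5,5,7,8,5};
/* Constructed sample: SEQUENCE { otherName xmppAddr, dNSName "example.org" } */
static const unsigned char SAMPLE_SAN[] = {
    0x30,0x2F, 0xA0,0x20, 0x06,0x08,0x2B,6,1,5,5,7,8,5, 0xA0,0x14, 0x0C,0x12,
    'j','u','l','i','e','t','@','e','x','a','m','p','l','e','.','o','r','g',
    0x82,0x0B, 'e','x','a','m','p','l','e','.','o','r','g' };

/* Read one TLV inside [*p, end) and advance *p past it. Returns 0 on success. */
static int tlv(const unsigned char **p, const unsigned char *end,
               unsigned *tag, const unsigned char **val, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    size_t l = *q++;
    if (l & 0x80) {                          /* long-form length, max 2 bytes */
        size_t n = l & 0x7F;
        if (n == 0 || n > 2 || (size_t)(end - q) < n) return -1;
        for (l = 0; n--; ) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;    /* value must fit in its parent */
    *val = q; *len = l; *p = q + l;
    return 0;
}

/* Copy the first xmppAddr of a DER SubjectAltName into out (NUL-terminated).
 * Returns its length, or -1 if none is present or the encoding is malformed. */
int san_get_xmpp_addr(const unsigned char *der, size_t n, char *out, size_t cap)
{
    const unsigned char *p = der, *end, *gn, *on, *v, *s;
    unsigned tag; size_t gnlen, len, slen;
    if (tlv(&p, der + n, &tag, &gn, &gnlen) || tag != 0x30) return -1;
    for (p = gn, end = gn + gnlen; p < end; ) {          /* each GeneralName */
        if (tlv(&p, end, &tag, &gn, &gnlen)) return -1;
        if (tag != 0xA0) continue;                       /* not otherName [0] */
        on = gn;                                         /* OtherName: type-id, value */
        if (tlv(&on, gn + gnlen, &tag, &v, &len) || tag != 0x06) return -1;
        if (len != sizeof XMPP_OID || memcmp(v, XMPP_OID, len)) continue;
        if (tlv(&on, gn + gnlen, &tag, &v, &len) || tag != 0xA0) return -1; /* [0] EXPLICIT */
        if (tlv(&v, v + len, &tag, &s, &slen) || tag != 0x0C) return -1;    /* UTF8String */
        if (slen >= cap || memchr(s, 0, slen)) return -1; /* refuse embedded NUL */
        memcpy(out, s, slen); out[slen] = '\0';
        return (int)slen;
    }
    return -1;
}

int main(void) {
    char jid[64];
    if (san_get_xmpp_addr(SAMPLE_SAN, sizeof SAMPLE_SAN, jid, sizeof jid) > 0) printf("xmppAddr: %s\n", jid);
}
```

The reader bounds every length against its parent element and refuses an address containing a NUL byte, so a truncated or crafted extension yields -1 rather than a shortened identity.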