[Help-gnutls] Re: How do i retrieve a full DER encoded subject from a gnutls_x509_crt_t

Simon Josefsson simon at josefsson.org
Wed May 23 11:27:04 CEST 2007


Nate Nielsen <nielsen-list at memberwebs.com> writes:

> There are several functions in x509.h to decompose or retrieve parts of
> the subject and issuer of a certificate.
>
> I need to be able to retrieve the full DER encoded subject from a
> gnutls_x509_crt_t (for use in a PKCS#11 module). Any idea how I would go
> about it? I'm sure that there's a painfully obvious solution that I've
> missed...

There is _gnutls_x509_crt_get_raw_dn, but it is not part of the official
API.  I suspect it isn't possible to easily do what you want right now.
Unless someone can think of a better approach, I think we should make
that function an official API function.  Does that sounds OK?

<rant>Btw, I think we should move the gnutls-x509 stuff into a separate
library, and make things more modular...  I'm not sure it makes sense
for GnuTLS to implement all of X.509 internally.  The first step to
replacing the X.509 functions in GnuTLS with an external X.509 library
would be to make it more modular.  This is a lot of work, though...

/Simon





More information about the Gnutls-help mailing list