[Help-gnutls] Parsing certificate extensions and issuer alt names

Brad Hards bradh at frogmouth.net
Tue Jul 7 11:49:51 CEST 2009


I'm trying to provide a GnuTLS backend for the Qt Cryptographic Architecture.

It is going OK (not really "going well", but I'm still making progress).

I have a question about how to parse out something that doesn't really have 
support in GnuTLS. My need at the moment is to handle OID 
(Certificate Policies) and OID (Issuer Alternative Name).

Issuer Alt Name is very similar to Subject Alt Name.

So far, I think I need to use gnutls_x509_crt_get_extension_by_oid() to get 
the ASN.1, and then I need to decode it. Its the decoding bit that I'm 
uncertain about.

I considered copying some of the get_subject_alt_name() code (from 
lib/x509/x509.c) but it seemed like quite a lot of code, and the duplication 
seemed undesirable.

I had no idea about how to start the Certificate Policies.

Any suggestions or hints?


More information about the Gnutls-help mailing list