[Help-gnutls] Parsing certificate extensions and issuer alt names
Brad Hards
bradh at frogmouth.net
Tue Jul 7 11:49:51 CEST 2009
Hi,
I'm trying to provide a GnuTLS backend for the Qt Cryptographic Architecture.
It is going OK (not really "going well", but I'm still making progress).
I have a question about how to parse out something that doesn't really have
support in GnuTLS. My need at the moment is to handle OID 2.5.29.32
(Certificate Policies) and OID 2.5.29.18 (Issuer Alternative Name).
Issuer Alt Name is very similar to Subject Alt Name.
So far, I think I need to use gnutls_x509_crt_get_extension_by_oid() to get
the ASN.1, and then I need to decode it. Its the decoding bit that I'm
uncertain about.
I considered copying some of the get_subject_alt_name() code (from
lib/x509/x509.c) but it seemed like quite a lot of code, and the duplication
seemed undesirable.
I had no idea about how to start the Certificate Policies.
Any suggestions or hints?
Brad
More information about the Gnutls-help
mailing list