[Help-gnutls] Parsing certificate extensions and issuer alt names
nmav at gnutls.org
Mon Jul 13 08:33:48 CEST 2009
Brad Hards wrote:
> I'm trying to provide a GnuTLS backend for the Qt Cryptographic Architecture.
> It is going OK (not really "going well", but I'm still making progress).
> I have a question about how to parse out something that doesn't really have
> support in GnuTLS. My need at the moment is to handle OID 2.5.29.32
> (Certificate Policies) and OID 2.5.29.18 (Issuer Alternative Name).
> Issuer Alt Name is very similar to Subject Alt Name.
> So far, I think I need to use gnutls_x509_crt_get_extension_by_oid() to get
> the ASN.1, and then I need to decode it. It's the decoding bit that I'm
> uncertain about.
Actually I think it might be much easier to do that inside gnutls by
extending get_subject_alt_name() to be able to accept the OID as
parameter to parse the 2.5.29.18 extension as well. Then it would be easy
to submit a gnutls_x509_crt_get_issuer_alt_name that can be added to gnutls.
> I had no idea about how to start the Certificate Policies.
For that you might want to see dn.c:gnutls_x509_rdn_get function that
parses the rdnSequence of PKIX. It is mostly libtasn1 stuff you'd need
but indeed the policies extension looks not to be the easier structure
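
For the decoding step discussed in this thread, an added example (not from the original messages and not GnuTLS code): a bounds-checked walk over the DER value of an Issuer Alternative Name extension, assuming the buffer already holds the DER-encoded GeneralNames value fetched with gnutls_x509_crt_get_extension_by_oid(). It hand-parses the SEQUENCE instead of using libtasn1; `der_hdr`, `ian_get_name` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: SEQUENCE { [1] "ca@example.org", [2] "ca.example.org" } */
static const unsigned char SAMPLE[] = "\x30\x20\x81\x0e" "ca@example.org"
                                      "\x82\x0e" "ca.example.org";
#define SAMPLE_LEN (sizeof SAMPLE - 1)   /* drop the literal's trailing NUL */

/* Read one DER tag+length header at p (n bytes left). Returns the header
 * size and sets *len, or returns 0 if the input is malformed or truncated. */
static size_t der_hdr(const unsigned char *p, size_t n, size_t *len)
{
    size_t h = 2;
    if (n < 2) return 0;
    if (p[1] < 0x80) *len = p[1];
    else if (p[1] == 0x81 && n >= 3) { *len = p[2]; h = 3; }
    else if (p[1] == 0x82 && n >= 4) { *len = ((size_t)p[2] << 8) | p[3]; h = 4; }
    else return 0;                      /* indefinite or oversized length */
    return (*len <= n - h) ? h : 0;     /* value must fit in what is left */
}

/* Copy the idx-th string-typed GeneralName (rfc822Name [1], dNSName [2],
 * URI [6]) into out. Returns its context tag number, or -1 on error/none. */
int ian_get_name(const unsigned char *der, size_t n, unsigned idx,
                 char *out, size_t outsz)
{
    size_t len, h = der_hdr(der, n, &len);
    if (!h || der[0] != 0x30 || h + len != n) return -1; /* exact SEQUENCE */
    const unsigned char *p = der + h, *end = p + len;
    while (p < end) {
        h = der_hdr(p, (size_t)(end - p), &len);
        if (!h) return -1;
        int tag = p[0] & 0x1f;          /* context-specific, primitive only */
        int is_str = (p[0] & 0xe0) == 0x80 && (tag == 1 || tag == 2 || tag == 6);
        if (is_str && idx-- == 0) {
            /* refuse names that do not fit or that carry an embedded NUL */
            if (len >= outsz || memchr(p + h, 0, len)) return -1;
            memcpy(out, p + h, len);
            out[len] = '\0';
            return tag;
        }
        p += h + len;                   /* skip other GeneralName choices */
    }
    return -1;
}

int main(void) {
    char buf[64];
    for (unsigned i = 0; ian_get_name(SAMPLE, SAMPLE_LEN, i, buf, sizeof buf) > 0; i++)
        puts(buf);
    return 0;
}
```
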