[Help-gnutls] Parsing certificate extensions and issuer alt names

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Jul 14 23:18:19 CEST 2009


Brad Hards wrote:
> On Monday 13 July 2009 16:33:48 Nikos Mavrogiannopoulos wrote:
>> Actually I think it might be much easier to do that inside gnutls by
>> extending get_subject_alt_name() to be able to accept the OID as
>> parameter to parse the 2.5.29.18 extension as well. Then it would be easy
>> to submit a gnutls_x509_crt_get_issuer_alt_name that can be added to
>> gnutls.
> I had a first cut at this. See attached patch.
> 
> Thoughts / comments?

Looks ok to me. Only one comment:

+  if (strncmp("2.5.29.18", extension_id, 9) == 0)
+    {
+      result = asn1_create_element(_gnutls_get_pkix (),
"PKIX1.IssuerAltName", &c2);
+    }
+  else if (strncmp("2.5.29.17", extension_id, 9) == 0)
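
Review bot: both strncmp(..., extension_id, 9) calls are prefix matches, so any extension_id that merely begins with those nine characters (for example "2.5.29.180" or "2.5.29.17.24") takes the IssuerAltName or the 2.5.29.17 branch. Compare the whole string instead, e.g. strcmp(extension_id, "2.5.29.18") == 0, which also removes the hand-counted 9 that has to stay in sync with each literal.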

Here it should have been strcmp instead of strncmp to avoid having false
positives (such as 2.5.29.17 == 2.5.29.17.24) in some future extension.
If you could send me an updated version I'll commit it.

best regards,
Nikos
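
The false positive described in the message above, as an added example that is not part of the original message or of the GnuTLS source. The function names, the alt_kind enum and the sample OID strings are constructed for illustration; select_altname_prefix() mirrors the strncmp dispatch and select_altname_exact() applies the strcmp suggestion.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example; not a GnuTLS type. */
typedef enum { ALT_NONE, ALT_SUBJECT, ALT_ISSUER } alt_kind;

/* Dispatch as in the patch: only the first 9 characters are compared. */
alt_kind select_altname_prefix(const char *extension_id)
{
    if (strncmp("2.5.29.18", extension_id, 9) == 0)
        return ALT_ISSUER;
    else if (strncmp("2.5.29.17", extension_id, 9) == 0)
        return ALT_SUBJECT;
    return ALT_NONE;
}

/* Dispatch with the suggested fix: the whole OID string must match. */
alt_kind select_altname_exact(const char *extension_id)
{
    if (strcmp("2.5.29.18", extension_id) == 0)
        return ALT_ISSUER;
    else if (strcmp("2.5.29.17", extension_id) == 0)
        return ALT_SUBJECT;
    return ALT_NONE;
}

int main(void)
{
    /* Constructed inputs: the two OIDs from the patch, two longer strings
       that share their first nine characters, and an unrelated OID. */
    const char *samples[] = { "2.5.29.17", "2.5.29.18", "2.5.29.17.24",
                              "2.5.29.180", "2.5.29.19" };
    static const char *names[] = { "none", "subject", "issuer" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s prefix=%-8s exact=%s\n", samples[i],
               names[select_altname_prefix(samples[i])],
               names[select_altname_exact(samples[i])]);
    return 0;
}
```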






