[gnutls-help] RFC4514 compliance in gnutls_x509_crt_get_dn()?

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Jul 17 09:47:33 CEST 2016


On Fri, 2016-07-15 at 14:32 +0200, Pierre Ossman wrote:

> As far as RFC4514 vs other human-readable, you could mark the OIDs in
> the list as being RFC4514 compliant or not. Separate functions could
> then be provided depending on if you want something with strict
> adherence to the RFC, or just something nice to present to the user.

That could be an option, but we have to see who would be the consumer
of such an API. Why would this be used today? DNs are being deprecated
over PKIX and the subjectAlternativeName is the only way to specify
names (for end-certificates) today. Are there use cases of certificate
DNs today that I am missing?

> (Btw. if I'm reading the code correctly then GnuTLS currently cannot
> fully parse its own output. Handling of the #<hex> fallback for values
> currently just returns a parse error.)

Could be. Which functions do you refer to?

regards,
Nikos



