[gnutls-help] Cert in DER, a pleasant surprise...?
Rick van Rein
rick at openfortress.nl
Tue Mar 26 21:19:02 CET 2019
Hi,
I read in your docs on "gnutls_certificate_get_crt_raw ()" that it
intends to "return the DER encoded certificate of the server". That
raises a few questions.
1. Did you mean to return the _peer_ certificate, or always the _server_
certificate?
2. When the certificate is not DER-encoded, do you recode it? That would
be quite useful! This is not a PEM-or-DER question but BER-or-DER. The
TBSCertificate needs to be canonical so DER, but the Certificate around
it may be BER, as specified in . Not sure everyone knows this... and
having it repackaged would be pleasant to stop bugs caused by it.
I'm going by RFC 3280/5280, and RFC 8446 details DER for every
CertificateEntry, but I don't believe that RFC 5246 does the same?
Sorry for the attention to detail, it might be a security thing...
Cheers,
-Rick
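
The BER-versus-DER distinction raised in the message above, as an added example that is not part of the original post and is not GnuTLS code: a Python check that flags BER-only length forms (indefinite, or non-minimal long form) in the outer Certificate SEQUENCE and in the headers of its three fields. The byte strings are constructed stand-ins rather than real certificates, and the function names are hypothetical.

```python
def read_header(buf, pos):
    """Parse one TLV header; return (tag, length, header_size, problem).

    length is None for the indefinite form; problem is None when the
    length octets are valid DER. Single-byte tags only (assumption).
    """
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form, always minimal
        return tag, first, 2, None
    if first == 0x80:                     # indefinite form, forbidden in DER
        return tag, None, 2, "indefinite length (BER only)"
    n = first & 0x7F
    raw = buf[pos + 2:pos + 2 + n]
    if len(raw) != n:
        raise ValueError("truncated length octets")
    length = int.from_bytes(raw, "big")
    # DER requires the shortest possible length encoding.
    minimal = raw[0] != 0 and length >= 0x80
    return tag, length, 2 + n, None if minimal else "non-minimal length (BER only)"


def outer_encoding_problems(cert):
    """List BER-only length forms in the Certificate wrapper and its 3 fields."""
    problems = []
    tag, length, pos, problem = read_header(cert, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    if problem:
        problems.append(("Certificate", problem))
    if length is not None and pos + length != len(cert):
        problems.append(("Certificate", "length does not match input size"))
    for name in ("tbsCertificate", "signatureAlgorithm", "signatureValue"):
        _, length, hdr, problem = read_header(cert, pos)
        if problem:
            problems.append((name, problem))
        if length is None:                # cannot skip without a full BER parser
            break
        pos += hdr + length
    return problems


# Constructed stand-in for Certificate ::= SEQUENCE { tbs, alg, sig }.
BODY = bytes.fromhex("3003020101" "300506032a0304" "030200ff")
DER_CERT = b"\x30\x10" + BODY                 # definite, minimal length
BER_LONG = b"\x30\x81\x10" + BODY             # long form where short form fits
BER_INDEF = b"\x30\x80" + BODY + b"\x00\x00"  # indefinite length + end-of-contents

if __name__ == "__main__":
    for label, blob in (("DER", DER_CERT), ("BER long", BER_LONG), ("BER indef", BER_INDEF)):
        print(label, outer_encoding_problems(blob))
```

The check covers length octets only; other DER rules (for example minimal INTEGER encoding or SET ordering) are outside what it inspects.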