Re: [Help-gnutls] Checking hostname against certificate
From: Andrew McDonald
Subject: Re: [Help-gnutls] Checking hostname against certificate
Date: Mon, 28 Jan 2002 19:29:36 +0000
User-agent: Mutt/1.5.0i
On Mon, Jan 28, 2002 at 10:13:08AM +0200, Nikos Mavroyanopoulos wrote:
> On Sun, 27 Jan 2002 21:22:37 +0000 Andrew McDonald <address@hidden> wrote:
>
> > (Actually, might something along these lines be useful to put into
> > libgnutls itself?)
> Well X.509 is a REALLY bloated protocol. There are a lot of things that
> we should handle. An X.509 certificate may even contain videos, photographs
> and anything that can get an OID.

So I discovered on reading Peter Gutmann's X.509 Style Guide.

> For gnutls I intend to add only basic functionality required to work.
> (Hopefully there is aegypten, but I don't know how far it can go
> yet.)

Yes, this does seem more to belong in libksba since it is purely an
'X.509 thing' rather than doing any TLS.

> > gnutls_x509pki_extract_subject_dns_name doesn't seem to be working.
> > As far as I understand it, this should extract a DNS name from a
> > Subject Alternative Name X.509v3 extension (as described in RFC2549,
> > section 4.2.1.7).
> This function was never tested.. Please, send me the certificate that
> contains the dnsname, email extensions, so I can give it a test (and a fix).
>
> > 2.5.29.17 is the OID for an AltName extension. How does
> > _gnutls_get_extension know you want the dNSName?
> it does not :)

Ah. Good. I was a bit worried that I couldn't see how it could possibly
do what it was supposed to. :-)

I've attached imapd.pem, a test certificate (since this is a test key
I've included the private part as well to give you maximum flexibility
in testing). This was generated from the attached imapd.cnf using the
command:

    openssl req -new -x509 -days 365 -nodes -out imapd.pem -keyout imapd.pem -config imapd.cnf

Regards,
Andrew
--
Andrew McDonald
E-mail: address@hidden
http://www.mcdonald.org.uk/andrew/
Attachment: imapd.pem (Description: Text document)
Attachment: imapd.cnf (Description: Text document)
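
The exchange above notes that OID 2.5.29.17 only identifies the AltName extension and says nothing about which name type is wanted. As an added example (not GnuTLS code and not part of the original message), this C reader walks the DER GeneralNames value of that extension and selects dNSName entries by their context tag [2]. The function name san_get_dns_name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define TAG_SEQUENCE 0x30
#define TAG_DNSNAME  0x82   /* GeneralName dNSName: [2] IMPLICIT IA5String */

/* Constructed sample: the DER value of a subjectAltName extension holding
 * one rfc822Name ([1], tag 0x81) and two dNSName entries. Not from imapd.pem. */
const unsigned char SAMPLE_SAN[] =
    "\x30\x33"
    "\x81\x0d" "a@example.org"
    "\x82\x10" "imap.example.org"
    "\x82\x10" "mail.example.org";
#define SAMPLE_SAN_LEN (sizeof SAMPLE_SAN - 1)   /* drop the literal's NUL */

/* Read a DER length at buf[*pos]; 0 on success, -1 if malformed or truncated. */
static int der_len(const unsigned char *buf, size_t n, size_t *pos, size_t *len)
{
    if (*pos >= n) return -1;
    unsigned char b = buf[(*pos)++];
    if (b < 0x80) { *len = b; return 0; }
    unsigned nb = b & 0x7f;
    if (nb == 0 || nb > 2 || n - *pos < nb) return -1;  /* no indefinite form */
    for (*len = 0; nb > 0; nb--) *len = (*len << 8) | buf[(*pos)++];
    return 0;
}

/* Copy the idx-th dNSName (0-based) into out. Returns its length,
 * 0 when there is no such entry, -1 on malformed input. */
int san_get_dns_name(const unsigned char *der, size_t n, unsigned idx,
                     char *out, size_t outsz)
{
    size_t pos = 0, seqlen, len;
    if (n < 2 || der[pos++] != TAG_SEQUENCE) return -1;
    if (der_len(der, n, &pos, &seqlen) || seqlen != n - pos) return -1;
    while (pos < n) {
        unsigned char tag = der[pos++];
        if (der_len(der, n, &pos, &len) || len > n - pos) return -1;
        if (tag == TAG_DNSNAME && idx-- == 0) {
            /* Reject empty names, overlong names and embedded NULs. */
            if (len == 0 || len >= outsz || memchr(der + pos, 0, len)) return -1;
            memcpy(out, der + pos, len);
            out[len] = '\0';
            return (int)len;
        }
        pos += len;   /* some other GeneralName type: skip it */
    }
    return 0;
}
```

The embedded-NUL check matters for hostname verification: a name that C string functions would truncate must not be compared against the expected host.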