bug#35787: 26.2; gnutls: accessing raw server certificate data

From: Lars Ingebrigtsen
Subject: bug#35787: 26.2; gnutls: accessing raw server certificate data
Date: Tue, 09 Jul 2019 04:42:58 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Julian Scheid <address@hidden> writes:

> Hello, I would like to request a feature: accessing the raw certificate
> of a server connected to via `gnutls-negotiate' (or such).
> Currently, `gnutls-peer-status' only allows accessing high-level
> information extracted from the certificate, such as the issuer, but not
> the certificate data itself.

Other details are returned in the process object, like
gnutls_x509_crt_get_fingerprint of the certificate.

> Access to the raw certificate data would allow implementing the
> `tls-server-endpoint' channel binding type as per
> https://tools.ietf.org/html/rfc5929#section-4.1 , which requires
>> [t]he hash of the TLS server's certificate [RFC5280] as it
>> appears, octet for octet, in the server's Certificate message.  Note
>> that the Certificate message contains a certificate_list, in which
>> the first element is the server's certificate.

Does this hash relate in any way to gnutls_x509_crt_get_fingerprint?

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
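
Added example (not part of the original message, and not Emacs or GnuTLS code): per RFC 5929 section 4.1, the `tls-server-endpoint` value is a hash over the certificate's DER octets, with the hash function selected from the certificate's signatureAlgorithm (MD5 and SHA-1 are replaced by SHA-256). The OID table is a small subset chosen for illustration, and `sample_cert` builds a constructed stand-in with the Certificate layout, not a real certificate.

```python
import hashlib

# DER-encoded signatureAlgorithm OID (hex) -> hash it uses; subset for this example
SIG_HASH = {
    "2a864886f70d010104": "md5",     # md5WithRSAEncryption
    "2a864886f70d010105": "sha1",    # sha1WithRSAEncryption
    "2a864886f70d01010b": "sha256",  # sha256WithRSAEncryption
    "2a8648ce3d040303": "sha384",    # ecdsa-with-SHA384
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def tls_server_endpoint(cert_der):
    """RFC 5929 section 4.1 channel binding data for a DER certificate."""
    tag, start, _ = read_tlv(cert_der, 0)            # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(cert_der, start)        # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)    # signatureAlgorithm
    tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid_hex = cert_der[oid_start:oid_end].hex()
    name = SIG_HASH.get(oid_hex)
    if name is None:                 # no single known hash: binding is undefined
        raise ValueError("tls-server-endpoint undefined for OID " + oid_hex)
    if name in ("md5", "sha1"):      # RFC 5929: MD5 and SHA-1 are replaced by SHA-256
        name = "sha256"
    return hashlib.new(name, cert_der).digest()

def sample_cert(sig_oid_hex):
    """Constructed stand-in with the Certificate layout; not a real certificate."""
    tbs = b"\x30\x81\xc8" + bytes(200)               # dummy tbsCertificate
    oid = bytes.fromhex(sig_oid_hex)
    alg = bytes([0x30, len(oid) + 4, 0x06, len(oid)]) + oid + b"\x05\x00"
    body = tbs + alg + b"\x03\x02\x00\x00"           # dummy signature BIT STRING
    return b"\x30\x81" + bytes([len(body)]) + body
```

With a real connection, the input would be the first certificate of the server's certificate_list exactly as received, which is the raw data the request above asks for.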