bug#35787: 26.2; gnutls: accessing raw server certificate data

From: Lars Ingebrigtsen
Subject: bug#35787: 26.2; gnutls: accessing raw server certificate data
Date: Tue, 09 Jul 2019 15:44:42 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Julian Scheid <address@hidden> writes:

> So, to make this work it looks like I'd need either
> 1) the fingerprint, but using the hash function as required by the RFC, or
> 2) the certificate as a binary blob.

I think putting the signature itself in the process object (in addition
to all the details) makes some sense, but perhaps it wastes
unnecessary memory...

There's gnutls-peer-status, and that could also be amended to return the
full certificate.  But, again, that's also called for virtually any TLS

Perhaps a new function to return the actual certificate?  And perhaps it
should just return the entire certificate chain?

Anybody got an opinion here?

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
