[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Missing gnutls_x509_crq_sest_subject_alternative_name ?
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: Missing gnutls_x509_crq_sest_subject_alternative_name ? |
Date: |
Thu, 18 Sep 2008 09:33:26 +0300 |
User-agent: |
Thunderbird 2.0.0.16 (X11/20080724) |
David Marín Carreño wrote:
> Hello all.
>
> As some of you probably know, I am developing gnoMint, a graphical
> X.509 CA manager.
>
> Some of my users are asking for creating certificates with subject
> alternative names.
> Until now, my procedure for creating new certificates involves the
> initial creation of certificate signing requests.
>
> Examining the API, it seems that there exists a
> "gnutls_x509_set_subject_alternative_name" that adds an alternative
> name extension to a certificate structure, but it doesn't exist a
> similar function for adding alternative name(s) to certificate
> requests.
>
> Is there a reason for that? Do you plan to add that function?
I believe the PKCS #10 format we use for requests doesn't explicitly
support this field. I don't know what others (openssl/nss) do in this
respect (maybe it can be added as a custom extension). I'll check it
later today.
regards,
Nikos