[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [patch] Request for review - X509 Issuer Altname handling
|
From: |
Brad Hards |
|
Subject: |
Re: [patch] Request for review - X509 Issuer Altname handling |
|
Date: |
Tue, 8 Sep 2009 20:30:03 +1000 |
|
User-agent: |
KMail/1.12.0 (Linux/2.6.29.6-217.2.16.fc11.x86_64; KDE/4.3.0; x86_64; ; ) |
On Tuesday 08 September 2009 01:59:09 Simon Josefsson wrote:
> Brad Hards <address@hidden> writes:
> > I've updated the patch to include the self-test. It is otherwise
> > unchanged.
>
> Thank you! It looks fine except one nit:
>
> The code duplication between print_san and print_ian worries me, and the
> print_san code has been changed since you made the patch so they are not
> in sync with your patch. Could you instead generalize print_san into a
> print_an function that takes an additional parameter indicating whether
> it is printing a SAN or IAN?
>
> With that change, it is ready to go in.
It isn't an easy refactoring, but I'm working on it.
During the review, I note that the altname is sanitised if the type is
GNUTLS_SAN_DNSNAME, GNUTLS_SAN_RFC822NAME or GNUTLS_SAN_URI.
Should we also sanitise GNUTLS_SAN_DN ?
Brad