gnutls-devel

Re: [patch] Request for review - X509 Issuer Altname handling


From: Simon Josefsson
Subject: Re: [patch] Request for review - X509 Issuer Altname handling
Date: Tue, 08 Sep 2009 12:49:31 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Brad Hards <address@hidden> writes:

> On Tuesday 08 September 2009 01:59:09 Simon Josefsson wrote:
>> Brad Hards <address@hidden> writes:
>> > I've updated the patch to include the self-test. It is otherwise
>> > unchanged.
>>
>> Thank you!  It looks fine except one nit:
>>
>> The code duplication between print_san and print_ian worries me, and the
>> print_san code has been changed since you made the patch so they are not
>> in sync with your patch.  Could you instead generalize print_san into a
>> print_an function that takes an additional parameter indicating whether
>> it is printing a SAN or IAN?
>>
>> With that change, it is ready to go in.
> It isn't an easy refactoring, but I'm working on it. 

Thanks -- a 'bool san' variable, and if-conditions for each gnutls
function call to SAN/IAN functions should suffice.

> During the review, I note that the altname is sanitised if the type is 
> GNUTLS_SAN_DNSNAME, GNUTLS_SAN_RFC822NAME or GNUTLS_SAN_URI.
>
> Should we also sanitise GNUTLS_SAN_DN ?

DN's should already be sanitized (they should be in LDAP encoded form),
although I don't have any test certificates for this.  Anyway, it is
best to not touch anything else in your patch, to avoid mixing separate
issues in the same patch.

/Simon
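
An added example, not code from the patch or from GnuTLS: one way the single print_an function suggested above could look, with the SAN/IAN flag and the sanitising step applied only to the three string types named in the thread. The enum, sanitize_altname, the '!' replacement character and the reading of "sanitise" as replacing embedded NUL bytes are assumptions; the sample name is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the GNUTLS_SAN_* type codes named in the thread. */
enum an_type { AN_DNSNAME, AN_RFC822NAME, AN_URI, AN_DN };

/* Replace NUL bytes embedded in string-typed names (assumed meaning of
 * "sanitise"); returns how many were replaced. DNs are left untouched. */
static size_t sanitize_altname(enum an_type type, char *buf, size_t size)
{
    size_t replaced = 0;
    if (type != AN_DNSNAME && type != AN_RFC822NAME && type != AN_URI)
        return 0;
    for (size_t i = 0; i < size; i++)
        if (buf[i] == '\0') { buf[i] = '!'; replaced++; }
    return replaced;
}

/* One printer for both extensions. Here 'san' only selects the label; in the
 * real refactoring it would also select which GnuTLS getter is called.
 * Returns the number of replaced bytes, or -1 if 'out' is too small. */
static int print_an(bool san, enum an_type type, char *buf, size_t size,
                    char *out, size_t outlen)
{
    static const char *const names[] =
        { "DNSname", "RFC822name", "URI", "directoryName" };
    size_t bad = sanitize_altname(type, buf, size);
    int n = snprintf(out, outlen, "%s%s %s: %.*s",
                     bad ? "warning: embedded NUL replaced; " : "",
                     san ? "SAN" : "IAN", names[type], (int)size, buf);
    return (n < 0 || (size_t)n >= outlen) ? -1 : (int)bad;
}

int main(void)
{
    /* Constructed input: a dNSName with a NUL byte in the middle. */
    char name[] = "www.example.com\0.example.net";
    char line[128];
    print_an(false, AN_DNSNAME, name, sizeof name - 1, line, sizeof line);
    puts(line);
    return 0;
}
```

Passing the explicit length rather than relying on strlen is what lets the printer see the bytes after the NUL at all.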



