[Help-gnutls] Re: gnutls_x509_crt_get_dn() and similar functions

[Simon Josefsson]

Martin Lambers <address@hidden> writes:

> Hi!
>
> I use gnutls 1.1.22.
>
> I'm trying to get information about the peer's certificate and then
> print it. Since I don't want to use static buffers, I try to find out
> which size each buffer must have. I have two problems:
>
> 1. To get the needed buffer length for the DN, I use
>         size = 0;
>         gnutls_x509_crt_get_dn(cert, NULL, &size);
>    However, this seems to return the length of the string, not the
>    buffer size, so that I have to do 
>         size++;
>    before I can do
>         buf = xmalloc(size);
>         gnutls_x509_crt_get_dn(cert, buf, &size);
>    The documentation talks about buffer size, not string length, which
>    is misleading. 
>    As a local fix, I changed the lines 283 and 292 in lib/x509/dn.c from
>         *sizeof_buf = out_str.length;
>    to
>         *sizeof_buf = out_str.length + 1;
>    so that the function returns the buffer size, not the string length.

I believe I have fixed this in CVS, for both branches.

> 2. I use gnutls_x509_get_dn_by_oid() to get certain fields from the DN:
>         size_t size = 0;
>         gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
>                 0, 0, NULL, &size);
>    This does not set size to the needed value at all.
>    Adding a line 426 to lib/x509/dn.c
>         *sizeof_buf = len;
>    fixes this problem for me, but I'm not sure that this is the proper
>    solution since I'm not familiar with the asn1_* functions.

This appear to have already been solved in CVS, for the development
branch.  Try a daily snapshot, they are almost as stable as the proper
releases.  Let me know if you need it in 1.0 as well.  The fix was
similar to what you propose.

Thanks,
Simon