gnutls-devel

Re: RFC - support for subjectUniqueID and issuerUniqueID


From: Brad Hards
Subject: Re: RFC - support for subjectUniqueID and issuerUniqueID
Date: Wed, 11 Aug 2010 21:56:25 +1000
User-agent: KMail/1.13.5 (Linux/2.6.32.16-141.fc12.x86_64; KDE/4.4.5; x86_64; ; )

On Wednesday, August 11, 2010 09:31:58 pm Simon Josefsson wrote:
> Generally, I think we should have an API to extract arbitrary extensions
> instead of adding new APIs for each and every strange extension.  I
> think we already have these APIs though?
I agree.

> I don't see any extensions in your certificate though?  So I'm not sure
> exactly what fields you are talking about.
These fields aren't an extension. From RFC 3280 (or 5280):
   TBSCertificate  ::=  SEQUENCE  {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version MUST be v3
        }

> address@hidden:~$ dumpasn1 cert
>   13   16:     INTEGER BD 76 DF 42 47 0A 00 8D 47 3E 74 3F A1 DC 8B BD
This is one of them (I can't tell which, since they're the same for this 
cert). UniqueIdentifier is a BIT STRING.

Brad
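
Added illustration of the point in this message (not code from the post or from GnuTLS): a small Python DER walk that finds issuerUniqueID and subjectUniqueID by their context tags inside TBSCertificate, without going through any extension API, and enforces the v2/v3 version rule from the ASN.1 quoted above. The helper names and the sample bytes are constructed for the example.

```python
# Added example: find issuerUniqueID [1] / subjectUniqueID [2] in a DER TBSCertificate.

def tlv(tag, body):
    """Encode one DER TLV; short-form length only, so body must be < 128 octets."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode the single-octet-tag TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: next k octets hold the length
        k = length & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def unique_ids(tbs_der):
    """Return (version, {field name: BIT STRING payload}) for a TBSCertificate."""
    tag, body, _ = read_tlv(tbs_der, 0)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    version, found, pos = 1, {}, 0           # version DEFAULT v1 when [0] is absent
    names = {0x81: "issuerUniqueID", 0x82: "subjectUniqueID"}
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0xA0:                      # [0] EXPLICIT wraps a full INTEGER TLV
            itag, ival, _ = read_tlv(value, 0)
            if itag != 0x02:
                raise ValueError("version must be an INTEGER")
            version = int.from_bytes(ival, "big") + 1
        elif tag in names:                   # IMPLICIT: tag replaces BIT STRING's 0x03
            if not value or value[0] > 7:
                raise ValueError("bad BIT STRING")
            found[names[tag]] = value[1:]    # strip the unused-bits octet
    if found and version < 2:
        raise ValueError("unique IDs require version v2 or v3")
    return version, found

# Constructed sample: v2 TBSCertificate; fields not read here are empty placeholders.
UID = bytes.fromhex("00112233445566778899aabbccddeeff")
EMPTY = tlv(0x30, b"")
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x01")) + tlv(0x02, b"\x01") + EMPTY * 5
                 + tlv(0x81, b"\x00" + UID) + tlv(0x82, b"\x00" + UID))
```

Calling `unique_ids(SAMPLE_TBS)` returns version 2 and both identifiers; the same fields placed in a TBSCertificate with no version element are rejected.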


