gnutls SAN URI support RE: slow down and organize from peter williams on 2011-02-24 (public-xg-webid@w3.org from February 2011)

From: peter williams <home_pw@msn.com>
Date: Wed, 23 Feb 2011 22:03:14 -0800
To: <public-xg-webid@w3.org>
Message-ID: <SNT143-ds137CC4865B669EC54935392DA0@phx.gbl>

Does anyone here have really solid gnu/fsf community knowhow or skills? (I
don't, not having built unix src or fiddled with unix packaging conventions
for 2 decades). I bet I still *can* fix C code though, to add support for
the SAN URI in gnutls's certtool(1).  

 

As seen below, there is relatively simple config structure that allows the
certtool(1) to format certs from a template file, which as yet is missing
support for templating the SAN URI values we need.  Hopefully, I can remedy
that.

 

I'll need help getting any changes into mainline source trees, based on my
"proof of concept" code. I can probably make it work.  But, I'll need help
to get things into a form that professional code maintainers will accept.

 

typedef struct _cfg_ctx

{

  char *organization;

  char *unit;

  char *locality;

  char *state;

  char *cn;

  char *uid;

  char *challenge_password;

  char *pkcs9_email;

  char *country;

  char **dns_name;

  char **ip_addr;

  char **email;

  char **dn_oid;

  char *crl_dist_points;

  char *password;

  char *pkcs12_key_name;

  int serial;

  int expiration_days;

  int ca;

  int path_len;

  int tls_www_client;

  int tls_www_server;

  int signing_key;

  int encryption_key;

  int cert_sign_key;

  int crl_sign_key;

  int code_sign_key;

  int ocsp_sign_key;

  int time_stamping_key;

  char** key_purpose_oids;

  int crl_next_update;

  int crl_number;

  int crq_extensions;

  char *proxy_policy_language;

} cfg_ctx;

 

-----Original Message-----
From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org]
On Behalf Of peter williams
Sent: Wednesday, February 23, 2011 5:33 PM
To: 'Cosimo Streppone'; public-xg-webid@w3.org
Subject: RE: slow down and organize

 

Today,

 

In installed Cygwin on windows, all features. This includes gnutls: simple
client, simple service, certtool - for making cert credentials and cert
chains.

 

I simply followed in the info showing how to use gnutls's certtool(1), which
mints various credentials in .pem "format" for a CA, a SSL server, a SSL
client, and even a client proxy credential.

Received on Thursday, 24 February 2011 06:04:09 UTC