> On May 14, 2015, 8:17 p.m., Andrew Stitcher wrote:
> > This looks good to me - essentially what I was starting with.
> >
> > Although we may nned something more specific to interoperate with qpidd as
> > it has a very specific notion of what the authid for sasl external looks
> > like - I need to follow this through more carefully.
>
> Alan Conway wrote:
> IMO what gsim has is fine, and what you are talking about would be an
> addition like `char* pn_some_long_name_authid(const char* subject)`. We're
> talking about a few simple parse or transform functions, I don't think we
> need to introduce a whole new refcounted pn_subject class. If it is qpidd
> specific then it shouldn't even be in proton.
I'm not suggesting a new pn_subject_t type (although it isn't necessarily a bad
idea - X509 names are significantly cpomplex).
Where I do differ from your API sketch is that I would not parse some text form
of the subject - we have access to the actual certificate objects so it makes
sense to use them - the code wil end up being simpler and more reliable tham
have to format a representation of the subject them parsing it then creating a
new representation. so something more like:
char *pn_some_long_name(pn_ssl_t *ssl);
- Andrew
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83829
-----------------------------------------------------------
On May 14, 2015, 8:27 p.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 8:27 p.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and
> Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is
> authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be
> that some subset of that is preferred, perhaps in a slightly different
> format. However having the full subject is the simplest way to ensure that
> everyone can get what they need, even if at the expense of a little string
> manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
