Hello,

* Marc-André Moreau <marcandre.mor...@gmail.com> [20101212 20:56]:
> I am currently working on network level authentication, and I was
> considering the addition of the X.509 ASN.1 module in the asn1c-generated
> code. In NLA, the last packet of the authentication sequence sent by the
> client is bundled with the encrypted public key from the original
> certificate sent by the server. However, the public key isn't really "just"
> the public key, it's the public key encapsulated into some other ASN.1 data
> structure. I looked at the patch submitted to rdesktop that uses libsamba,
> and the code "manually" adds the required encoding to the public key. I
> could hack something quickly to get a similar result, but I was thinking
> that having the X.509 module would be helpful for easier certificate
> parsing, such as in tls_verify. OpenSSL does parse the certificate for us,
> but being dependent on OpenSSL makes it harder to try to switch to another
> cryptographic library in the future.

FWIW, ASN.1 parsing is notoriously bug-prone, and has been a source of security issues several times over the last years. I'd very much prefer linking a mature library (whose source code gets a lot of eyeballs) over rolling our own - OpenSSL fits that bill. I (personally) don't mind an OpenSSL dependency, but would like to suggest moving to GNUTLS - which shares the maturity with OpenSSL, and the GPL license with FreeRDP.

My €0.02,

Andreas

--
Andreas Kotes, CISSP, CCNA - flatline IT services - ISP & IT Consulting
"Love many things, for therein lies the true strength, and whosoever loves much performs much, and can accomplish much, and what is done in love is done well." -- Vincent van Gogh
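
Added example, not part of the original message and not FreeRDP, OpenSSL or GnuTLS code: a sketch of the checks that decoding a single DER tag/length header requires, to show where hand-written ASN.1 parsers typically go wrong (indefinite or non-minimal lengths, length-field overflow, declared lengths larger than the input). The names `der_read_tlv`, `der_tlv` and the `DER_*` codes are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One decoded DER element: tag byte plus pointer/length of its contents. */
typedef struct { uint8_t tag; const uint8_t *value; size_t length; } der_tlv;
enum { DER_OK = 0, DER_TRUNCATED = -1, DER_BAD_LENGTH = -2, DER_UNSUPPORTED = -3 };

/* Decode one TLV header from buf[0..len) without reading past the buffer. */
int der_read_tlv(const uint8_t *buf, size_t len, der_tlv *out)
{
    size_t pos = 0, n, value_len = 0;

    if (len < 2)
        return DER_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f)          /* multi-byte tag numbers not handled */
        return DER_UNSUPPORTED;
    out->tag = buf[pos++];
    if (buf[pos] < 0x80) {                /* short form: one length byte */
        value_len = buf[pos++];
    } else {
        n = buf[pos++] & 0x7f;            /* long form: n length bytes follow */
        if (n == 0 || n > sizeof(size_t)) /* indefinite length, or would overflow */
            return DER_BAD_LENGTH;
        if (n > len - pos)                /* length bytes themselves are missing */
            return DER_TRUNCATED;
        if (buf[pos] == 0)                /* leading zero: non-minimal encoding */
            return DER_BAD_LENGTH;
        while (n--)
            value_len = (value_len << 8) | buf[pos++];
        if (value_len < 0x80)             /* DER requires the short form here */
            return DER_BAD_LENGTH;
    }
    if (value_len > len - pos)            /* declared length exceeds the input */
        return DER_TRUNCATED;
    out->value = buf + pos;
    out->length = value_len;
    return DER_OK;
}

int main(void)
{
    /* Constructed sample: header claims 0xffffffff content bytes, none present. */
    const uint8_t lie[] = {0x04, 0x84, 0xff, 0xff, 0xff, 0xff};
    der_tlv t;
    printf("%d\n", der_read_tlv(lie, sizeof lie, &t));
    return 0;
}
```

Each rejected case is an input that a decoder trusting the declared length would turn into an out-of-bounds read or an integer overflow.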