On Tue, 2019-03-26 at 21:19 +0100, Rick van Rein wrote:
> Hi,
>
> I read in your docs on "gnutls_certificate_get_crt_raw ()" that it
> intends to "return the DER encoded certificate of the server". That
> raises a few questions.
>
> 1.
> Did you mean to return the _peer_ certificate, or always the _server_
> certificate?

Hi,
This returns the certificate as in the credentials structure.

> 2.
> When the certificate is not DER-encoded, do you recode it? That
> would be quite useful! This is not a PEM-or-DER question but BER-or-DER.
> The TBSCertificate needs to be canonical so DER, but the Certificate
> around it may be BER, as specified in . Not sure everyone knows this... and
> having it repackaged would be pleasant to stop bugs caused by it.

I'd treat that as an implementation detail. We used to always DER-re-encode
certificates, but that caused problems interoperating with golang
applications which used to generate certificates not following DER very
strictly, thus gnutls was breaking the signatures for them.

regards,
Nikos
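The interoperability problem described in the reply above, as an added example that is not part of the original message and is not GnuTLS code: a signature covers the exact bytes that were issued, so normalising a non-minimal length to DER changes the digest the verifier computes. The sample structure, the function names and the use of a bare SHA-256 digest in place of a full signature check are assumptions made for illustration; only single-byte tags and length normalisation are handled.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Parse one definite-length TLV with a single-byte tag; return (tag, value, end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not handled here")
    else:                                 # long form: low 7 bits count the length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def der_length(n):
    """Minimal (DER) length octets for a value of n bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def reencode_der(buf):
    """Re-emit one TLV, and any constructed children, with minimal lengths."""
    tag, value, end = read_tlv(buf)
    if end != len(buf):
        raise ValueError("trailing bytes after TLV")
    if tag & 0x20:                        # constructed: normalise each child
        out, pos = b"", 0
        while pos < len(value):
            _, _, nxt = read_tlv(value, pos)
            out += reencode_der(value[pos:nxt])
            pos = nxt
        value = out
    return bytes([tag]) + der_length(len(value)) + value

def signed_digest(buf):
    """The hash a verifier would feed to the signature check."""
    return hashlib.sha256(buf).hexdigest()

# Constructed sample: SEQUENCE { INTEGER 5, UTF8String "example" } whose string
# length is written in long form (0x81 0x07) where DER requires 0x07.
AS_ISSUED = bytes.fromhex("300d0201050c8107") + b"example"
RECODED = reencode_der(AS_ISSUED)

if __name__ == "__main__":
    print("as issued:", AS_ISSUED.hex(), signed_digest(AS_ISSUED))
    print("recoded:  ", RECODED.hex(), signed_digest(RECODED))
    print("digest still matches:", signed_digest(AS_ISSUED) == signed_digest(RECODED))
```

Verifying against the bytes as received, rather than against a re-encoded copy, keeps the digest identical to the one the issuer signed.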
