Stephane Bortzmeyer <bortzme...@nic.fr> writes:

> As far as I know, this rant has never been discussed here:
>
> http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
>
> [...] I strongly recommend that GnuTLS not be used. All of its APIs
> would need to be overhauled to correct its flaws [...]
The gnutls_x509_crt_set_subject_alt_name function has been added, which can handle binary structures like packed IP addresses. Non-domain SANs don't seem to be widely used, though; I haven't been able to get an IP address SAN through any commercial CA. From a systems perspective, I'm not sure the complexity introduced by this outweighs the benefit, but hey, at least we now support it.

I have no idea what other APIs he is referring to -- all relevant APIs should take opaque buffer pointers plus buffer size. I also have no idea which APIs he thinks are problematic wrt strlen/strcat. I would expect that if strlen is used on binary data, things would break quickly and we'd notice.

Essentially, we have corrected the substantial part, and we'd be happy to improve anything else if the rant is converted into a substantial report about missing or incorrect functionality.

/Simon

_______________________________________________
Help-gnutls mailing list
Help-gnutls@gnu.org
http://lists.gnu.org/mailman/listinfo/help-gnutls
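The following is an added example, written for this page and not taken from GnuTLS or from either poster, illustrating the "opaque buffer pointer plus buffer size" point in the reply above. Rather than calling gnutls_x509_crt_set_subject_alt_name, it hand-encodes the iPAddress GeneralName that ends up inside a subjectAltName extension, once through an API that takes an explicit length and once through a string-style API that infers the length with strlen(). The function names (san_ip_der, san_ip_der_strlen, the demo_* wrappers) and the sample addresses are constructed for the example.

```c
/*
 * Added example (not GnuTLS code). A subjectAltName iPAddress is the packed
 * address, and the packed form of 10.0.0.1 is 0a 00 00 01: it contains NUL
 * bytes, so any API that sizes its input with strlen() sees 1 byte, not 4.
 *
 * san_ip_der() writes one GeneralName of CHOICE iPAddress: context-specific
 * primitive tag [7] (0x87), a short-form length, then the raw address octets
 * (RFC 5280 section 4.2.1.6).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode one iPAddress GeneralName. Returns bytes written, 0 on error. */
size_t san_ip_der(const uint8_t *addr, size_t addr_len, uint8_t *out, size_t out_len)
{
    /* In a subjectAltName an iPAddress is exactly 4 (IPv4) or 16 (IPv6) octets. */
    if (addr_len != 4 && addr_len != 16)
        return 0;
    if (out_len < 2 + addr_len)
        return 0;
    out[0] = 0x87;                 /* [7] IMPLICIT OCTET STRING, primitive */
    out[1] = (uint8_t)addr_len;    /* definite short-form length (always < 128 here) */
    memcpy(out + 2, addr, addr_len);
    return 2 + addr_len;
}

/* The flawed pattern: a "string" API that infers the length with strlen(). */
size_t san_ip_der_strlen(const char *addr, uint8_t *out, size_t out_len)
{
    return san_ip_der((const uint8_t *)addr, strlen(addr), out, out_len);
}

/* Constructed sample inputs. */
static const uint8_t SAMPLE_IPV4[4] = { 0x0a, 0x00, 0x00, 0x01 };          /* 10.0.0.1 */
static const uint8_t SAMPLE_IPV6[16] = { 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1 }; /* ::1 */
static const char SAMPLE_IPV4_STR[] = "\x0a\x00\x00\x01";                 /* 10.0.0.1 */
static const char SAMPLE_IPV4_NONZERO_STR[] = "\xc0\xa8\x01\x01";         /* 192.168.1.1 */

static uint8_t g_out[32];

/* Thin wrappers that encode into g_out and return checkable values. */
size_t demo_encode_explicit(const uint8_t *addr, size_t addr_len)
{
    return san_ip_der(addr, addr_len, g_out, sizeof g_out);
}

size_t demo_encode_strlen(const char *addr)
{
    return san_ip_der_strlen(addr, g_out, sizeof g_out);
}

int demo_out_byte(size_t i)
{
    return i < sizeof g_out ? g_out[i] : -1;
}

static void dump(const char *label, size_t n)
{
    printf("%-26s", label);
    if (n == 0) {
        printf("rejected\n");
        return;
    }
    for (size_t i = 0; i < n; i++)
        printf("%02x ", g_out[i]);
    printf("\n");
}

int main(void)
{
    dump("10.0.0.1, explicit len:", demo_encode_explicit(SAMPLE_IPV4, 4));
    dump("10.0.0.1, strlen:", demo_encode_strlen(SAMPLE_IPV4_STR));
    dump("192.168.1.1, strlen:", demo_encode_strlen(SAMPLE_IPV4_NONZERO_STR));
    dump("::1, explicit len:", demo_encode_explicit(SAMPLE_IPV6, 16));
    return 0;
}
```

The strlen-based path only fails loudly here because san_ip_der() insists on a 4- or 16-octet address; 192.168.1.1 has no zero bytes and encodes correctly by accident, which is exactly why a strlen-based API can survive casual testing and still be wrong. Drop that length check and 10.0.0.1 would be silently emitted as a one-byte iPAddress (87 01 0a). Passing the length explicitly removes the hazard altogether.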