On Sun, Jan 8, 2012 at 11:00 PM, Richard Moore <[email protected]> wrote: > I've been evaluating using GnuTLS with Qt this weekend. There's a > basic tool that prints out cert info and converts from some Qt data > types like QDateTime etc. at > http://xmelegance.org/devel/cert-prototype.tar.bz2 I'm just posting it > here in case it happens to be useful to anyone. Issues I've > encountered are documented in the NOTES file.
Hello, Interesting comments. - The docs say to report bugs to one place, but they also seem to use the bug reporting tool from savanah. No indication of which is the one to use. It seems the bug report email actually goes to the development list. Actually both end up in the development list and are treated equally. - Getting at the subject/issuer details seems a bit tricky. There seem to be errors in the docs here which doesn't help. Also seems to be using a mixture of void * and char * to hold oids which means we'll need some casts. Would you like to elaborate on that? Is there is something we should fix (in the documentation or code)? - There appears to be no method to map oids to human readable names, there's some internal functions for it but nothing public. Are you referring to the DN oids? If this is the case and it is an interesting feature we could consider exporting the known OIDs. However this cannot be a general OID -> string convertion. - Both subject/issuer (distinguished name) and extensions APIs seem to involve querying the oids and passing them around. This is likely to be slow since we're talking string comparisions (and even worse the part of the string that varies is at the end though this might be worked around internally since we provide a length). To which functions do you refer to? In general I try to promote the gnutls_x509_crt_get_dn() that provides an RFC2253 compliant single string to describe the DN. It appears there's another way to get this info gnutls_x509_crt_get_subject() no idea if this is a better mechanism at this time. If less string comparisons is your goal this looks like an alternative. However, unless you expect millions of DN queries I wouldn't worry about string comparisons. Its impact would be minimal to the cost of DER decoding overhead. - No support for OCSP in the released version, OCSP code appears to be under active development in a branch of the git repo. It is expected to be merged soon. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
