On Tue, Sep 4, 2012 at 3:48 PM, Tim Ruehsen <[email protected]> wrote:
> Right now, after having taken a deeper look into the sources, I personally
> dislike the source code.

You're not alone. Unfortunately it is the easiest to use ASN.1 parser.

> It is unnecessarily complex, I would say hard to
> maintain. I really can't find any of the stated "high quality" code.

Who states that?

> Tree structure handling and content handling should be separated.
> Aren't there any well-tested tree library routines (e.g. GNU t* functions)
> that could be used for adding, deleting, searching and walking?

Could be. However, the author of this code is no longer interested in
improving it. Unless there is someone willing to rewrite (simply patching
may not work), it would be hard to improve.

> I think GnuTLS should have a tool to be able to convert .PEM files into
> simple text files which could be read into a simple C structure by a trivial
> routine. That would massively reduce complexity and resource usage (CPU,
> Memory) and speed up GnuTLS startup.

This isn't trivial. ASN.1 structures can be overly complex and they rarely
map to a C structure (see PKCS #12 for an example). If you try to parse
complex structures like that with other approaches (e.g. the libtomcrypt
asn.1 parser functions) you'll become insane. Libtasn.1's advantage is
_a very good_ interface for accessing elements within the structure.
Unfortunately it is supported by very complex code.

regards,
Nikos
