Simon, I know *very* little about C programming but...
Simon Josefsson wrote:
I don't think it is unreasonable for a SAN related API to work with zero-terminated strings. The typical SAN's like dNSName, rfc822Name, and uniformResourceIdentifier are human readable strings. Most applications will work with the strings in zero-terminated form.
...having implemented a cert parser in Python I'd like to emphasize that the attitude of "Most applications will work" is for me a real show-stopper for deploying GnuTLS especially regarding possible security issues.
In my project experience I saw so many PKI-enabled software packages crashing while handling even perfectly valid certificates (not to speak of mal-formed certs issued by some commercial CAs).
Ciao, Michael.
