Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
Argh ... looks like the mailing list scrubbed 2 of my attachments. Here is the python code (not as an attachment), hope the mailer does not mangle it. import sys import nss.nss as nss from nss.error import NSPRError # Perform basic configuration and setup nss.nss_init_nodb() # Get the cert

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
On 02/23/2017 11:14 AM, John Dennis wrote: On 02/23/2017 11:04 AM, Paul Wouters wrote: Hi, I'm looking at the best way to get a list of SubjectAltNames of a CERTCertificate. Anyone have a pointer (haha) for me ? CERT_DecodeAltNameExtension See secu_PrintAltNameExtension() in

Re: CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread Miklos Vajna
Hi, On Thu, Feb 23, 2017 at 11:59:28AM -0500, John Dennis wrote: > >>It does appear that ParseRFC1485AVA has a bug > >> > >>if (!PL_strncasecmp("oid.", tagBuf, 4)) { > >>rv = SEC_StringToOID(arena, , tagBuf, strlen(tagBuf)); > >> > >>SEC_StringToOID() can handle

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
On 02/23/2017 11:04 AM, Paul Wouters wrote: Hi, I'm looking at the best way to get a list of SubjectAltNames of a CERTCertificate. Anyone have a pointer (haha) for me ? CERT_DecodeAltNameExtension See secu_PrintAltNameExtension() in cmd/lib/secutil.c or cert_VerifySubjectAltName() in

How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread Paul Wouters
Hi, I'm looking at the best way to get a list of SubjectAltNames of a CERTCertificate. Anyone have a pointer (haha) for me ? Paul -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread John Dennis
On 02/23/2017 09:00 AM, Miklos Vajna wrote: Hi, [ I ran into this problem as a follow-up of the previous ECDSA question I asked earlier, but I assume this problem is independent. ] I'm trying to use CERT_AsciiToName() to get the DER-encoded equivalent of a string from an XML signature. The

CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread Miklos Vajna
Hi, [ I ran into this problem as a follow-up of the previous ECDSA question I asked earlier, but I assume this problem is independent. ] I'm trying to use CERT_AsciiToName() to get the DER-encoded equivalent of a string from an XML signature. The original string from my XML signature was: