On Tue, Sep 12, 2023 at 12:03:01AM +0000, Job Snijders wrote:
> On Mon, Sep 11, 2023 at 09:31:03AM +0200, Theo Buehler wrote:
> > > - * This only parses the RFC 3779 extensions since these are necessary for
> > > - * validation.
> >
> > Isn't this still true? You don't really parse the subject name.
>
> I took 'parse' to mean something like 'inspects', and since it also
> inspects the X.509 version, KeyUsage, and soon Subject it seemed a
> misleading comment to me :-)

The new comment is fine with me. I think the point the comment was
trying to make is that it actually parses the two RFC 3779 extensions,
whereas it only does some sanity checks on the others.

> I incorporated your feedback, OK?

yes, just one nit

> +#if 0
> + if (as->type != V_ASN1_PRINTABLESTRING) {

Instead of reaching into the string, I think it'd be nicer to do

	if (ASN1_STRING_type(as) != V_ASN1_PRINTABLESTRING) {

> + warnx("%s: RFC 6487 section 4.5: commonName is"
> + " not PrintableString", fn);
> + return 0;
> + }
> +#endif
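
Review bot: The commonName PrintableString check between `#if 0` and `#endif` is compiled out with no comment saying why it is disabled or what has to happen before it is turned on, so the RFC 6487 section 4.5 rule it names is not enforced by these lines. Add a short comment above the `#if 0` stating the reason and the condition for enabling it, or leave the block out until it can be enforced. Inside the block, `as->type` reads the string's field directly; comparing ASN1_STRING_type(as) against V_ASN1_PRINTABLESTRING gives the same check without depending on the struct layout.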