On 12/04/2015 00:08, Brian Smith wrote:
Are there any existing MUAs, certificate verification libraries,
and/or mail servers that implement support for SRV and SRV-ID that can
be used for interop testing? Has any interop testing been done yet? I
think such interop testing should be done before SRV-ID support is
mandated or recommended.
Here is OpenSSL code. I had to strip code unrelated to this discussion, so this might not compile as is, but should be easily fixable for somebody who can use OpenSSL:

static int g_srv_nid;

Do this once somewhere:

g_srv_nid = OBJ_create("1.3.6.1.5.5.7.8.7",
                       "id-on-srvName", "SRV alt name");


Input for the code below: X509 * cert
{
    X509_EXTENSION *subject_alt_name = NULL;
    STACK_OF(GENERAL_NAME) *alt_names = NULL;
    GENERAL_NAME *alt_name;
    int pos, i, len;
    bool rc = false;           /* needs <stdbool.h> */
    unsigned char *s = NULL;

    for (pos = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
         pos != -1;
         pos = X509_get_ext_by_NID(cert, NID_subject_alt_name, pos)) {
        /* Walking each extension... */
        if ((subject_alt_name = X509_get_ext(cert, pos)) == NULL) break;
        if ((alt_names = X509V3_EXT_d2i(subject_alt_name)) == NULL) break;

        for (i = 0; i < sk_GENERAL_NAME_num(alt_names); ++i) {
            if ((alt_name = sk_GENERAL_NAME_value(alt_names, i)) == NULL) break;

            /* Now look for Subject Alt Name types we understand,
             * and might use. */
            switch (alt_name->type) {
            case GEN_OTHERNAME:
                /* Check the ASN.1 type of the otherName value before
                 * treating it as a string: RFC 4985 defines SRVName as an
                 * IA5String, some issuers emit UTF8String. */
                if (OBJ_obj2nid(alt_name->d.otherName->type_id) == g_srv_nid &&
                    (alt_name->d.otherName->value->type == V_ASN1_IA5STRING ||
                     alt_name->d.otherName->value->type == V_ASN1_UTF8STRING)) {
                    len = ASN1_STRING_to_UTF8(&s,
                              alt_name->d.otherName->value->value.asn1_string);
                    if (len >= 0 && s) {
                        /* Reject embedded NULs: strlen() would otherwise see a
                         * shorter name than the certificate actually carries. */
                        if ((size_t)len == strlen((char *)s)) {
                            /// s contains _<service>.<domain>
                            /// Match against the requested domain. Set rc to true if successful.
                        }
                        OPENSSL_free(s);
                        s = NULL;
                    }
                }
                break;

            case GEN_DNS:
                /* ASN1_STRING_to_UTF8() is used here in place of the local
                 * ASN1_STRING_COPY helper, which the message does not include;
                 * the same embedded-NUL check applies to dNSName. */
                len = ASN1_STRING_to_UTF8(&s, alt_name->d.dNSName);
                if (len >= 0 && s) {
                    if ((size_t)len == strlen((char *)s)) {
                        /// s points to hostname
                        /// Match against the requested domain. Set rc to true if successful.
                    }
                    OPENSSL_free(s);
                    s = NULL;
                }
                break;
            }

            if (rc) break;
        }

        GENERAL_NAMES_free(alt_names);
        if (rc) goto cleanup;
    }

cleanup:
    ...
}
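The `///` placeholders above leave the actual comparison open. As an added example (not part of the message or of OpenSSL), the self-contained helper below, with the hypothetical name `srv_id_matches`, performs the SRV-ID comparison a client would do once it has the `_<service>.<domain>` string out of the certificate: it splits at the first dot, compares the service and domain portions case-insensitively as DNS labels, takes an explicit length so an embedded NUL in the certificate cannot truncate the comparison, and refuses wildcards in the domain portion. It needs no OpenSSL and runs offline on the constructed inputs in `main`.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive ASCII comparison of two byte ranges (DNS labels are
 * compared this way). Lengths must be equal. */
static bool ascii_ieq(const char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen) return false;
    for (size_t i = 0; i < alen; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    }
    return true;
}

/* Hypothetical helper (not from the original message): does the SRV-ID
 * "_<service>.<domain>" taken from an otherName SAN match the service
 * and domain the client asked for?
 *   srv_id/srv_len : raw bytes from the certificate, length given explicitly
 *   service        : e.g. "imap" (without the leading underscore)
 *   domain         : e.g. "example.com" (the name the user typed) */
bool srv_id_matches(const char *srv_id, size_t srv_len,
                    const char *service, const char *domain)
{
    /* An embedded NUL means a C-string consumer would see a shorter name
     * than the CA actually certified; treat it as a mismatch. */
    if (memchr(srv_id, '\0', srv_len) != NULL) return false;

    /* Minimum shape is "_x.y": leading underscore and a separating dot. */
    if (srv_len < 4 || srv_id[0] != '_') return false;
    const char *dot = memchr(srv_id, '.', srv_len);
    if (dot == NULL) return false;

    const char *svc = srv_id + 1;                 /* skip the '_' */
    size_t svc_len = (size_t)(dot - svc);
    const char *name = dot + 1;
    size_t name_len = srv_len - (size_t)(name - srv_id);
    if (svc_len == 0 || name_len == 0) return false;

    /* The domain portion of an SRV-ID is a concrete name, never a pattern. */
    if (memchr(name, '*', name_len) != NULL) return false;

    return ascii_ieq(svc, svc_len, service, strlen(service)) &&
           ascii_ieq(name, name_len, domain, strlen(domain));
}

int main(void)
{
    /* Constructed sample SRV-IDs, as they would come out of a SAN. */
    const char *ok   = "_imap.example.com";
    const char *caps = "_IMAP.Example.COM";
    const char nul[] = "_imap.example.com\0.evil.test";   /* embedded NUL */

    printf("%s -> %d\n", ok,   srv_id_matches(ok,   strlen(ok),   "imap", "example.com"));
    printf("%s -> %d\n", caps, srv_id_matches(caps, strlen(caps), "imap", "example.com"));
    printf("embedded NUL -> %d\n",
           srv_id_matches(nul, sizeof(nul) - 1, "imap", "example.com"));
    return 0;
}
```

Passing the length explicitly rather than calling `strlen()` on the certificate string is the point of the helper: `ASN1_STRING_length()` gives the true length, and the two disagreeing is exactly the condition the OpenSSL code above has to reject before matching.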

_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta