[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnuTLS issues
From: |
Simon Josefsson |
Subject: |
Re: gnuTLS issues |
Date: |
Wed, 27 Aug 2008 16:46:25 +0200 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux) |
"Nikos Mavrogiannopoulos" <address@hidden> writes:
> On Tue, Aug 26, 2008 at 10:36 PM, Simon Josefsson <address@hidden> wrote:
>> That means it has been broken since v0.9.0 and nobody has missed it. I
>> think we should remove the code, it seems nobody needs the feature and
>> removing code decreases complexity.
>>
>> People can use 'certtool --p7-info' to convert PKCS#7 blobs into lists
>> of PEM certificates. I tried it and it works fine on the OpenSSL file.
>
> Isn't it the code being used by --p7-info?
Ah, no. What I suggest is to remove the code to read PKCS#7 certificate
chains in the gnutls_certificate_set_x509_key* functions.
The current code hasn't worked since v0.9.0 and apparently nobody has
missed it, see tests/set_pkcs7_cred.c for example code. Storing
certificate chains in PKCS#7 blobs is not what that standard is intended
for. Getting rid of the code may speed up loading certificate slightly,
and will definitely improve code readability.
The PKCS#7 functions used by certtool --p7-info are fine.
What do you think?
/Simon
- Re: gnuTLS issues, Simon Josefsson, 2008/08/25
- Re: gnuTLS issues, Simon Josefsson, 2008/08/25
- Re: gnuTLS issues, Nikos Mavrogiannopoulos, 2008/08/25
- Re: gnuTLS issues, Nikos Mavrogiannopoulos, 2008/08/25
- Re: gnuTLS issues, Simon Josefsson, 2008/08/26
- Re: gnuTLS issues, Simon Josefsson, 2008/08/26
- Re: gnuTLS issues, Nikos Mavrogiannopoulos, 2008/08/27
- Re: gnuTLS issues,
Simon Josefsson <=
- Re: gnuTLS issues, Nikos Mavrogiannopoulos, 2008/08/27
- Re: gnuTLS issues, Simon Josefsson, 2008/08/28
Re: gnuTLS issues, Christian Grothoff, 2008/08/26