[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Missing gnutls_x509_crq_sest_subject_alternative_name ?
|
From: |
Simon Josefsson |
|
Subject: |
Re: Missing gnutls_x509_crq_sest_subject_alternative_name ? |
|
Date: |
Thu, 18 Sep 2008 03:57:23 +0200 |
|
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux) |
Daniel Kahn Gillmor <address@hidden> writes:
> Hi David--
>
> On Wed 2008-09-17 12:55:13 -0400, David Marín Carreño wrote:
>
>> As some of you probably know, I am developing gnoMint, a graphical
>> X.509 CA manager.
>
> Cool, thanks for working on that!
>
>> Examining the API, it seems that there exists a
>> "gnutls_x509_set_subject_alternative_name" that adds an alternative
>> name extension to a certificate structure, but it doesn't exist a
>> similar function for adding alternative name(s) to certificate
>> requests.
>
> This question was just asked on help-gnutls:
>
> http://lists.gnu.org/archive/html/help-gnutls/2008-09/msg00013.html
>
> The answer seems to be that the capability doesn't exist yet in
> certtool. Looking at includes/gnutls/x509.h, i don't see any similar
> functionality for certificate requests in the library itself
> either. :(
I think there are two separate issues here:
1) Support for adding more than one SAN to a certificate.
2) Support for adding SAN(s) to a certificate requests.
>> Is there a reason for that? Do you plan to add that function?
>
> I don't think there is a good reason to *not* have it; adding this
> feature would be a really good thing, given how popular this
> particular v3 extension is today.
Yup, patches welcome. :)
I suspect it is not a difficult task, and could even make it for the
2.6.x release.
/Simon