From: peter williams
Subject: certtool and SAN URI population
Date: Sat, 26 Feb 2011 11:53:01 -0800

I’m considering altering a file in the certtool(1) implementation files so it is easy in the “template” configuration file to specify a value for the “SAN URI” fields of SSL client certs. It’s already easy to specify an SAN domain-name field via the template.

If I do it, would someone consider the code changes for inclusion in the package? The changes are in support of a W3C incubator project applying client SSL certs which have a URI as name form.

Can anyone think of a way to use the template file to include a SAN URI field in an SSL client cert, using the current release of certtool(1)? (Perhaps there is a syntax for adding an arbitrary extension value, expressed in hex, perhaps.)

Here is what I want the gnutls test site to do when showing a SAN URI. This was done using someone’s cert minting web site to create/manage the SSL client cert, rather than using certtool(1).

    This is GNUTLS

    Session ID: 02000000F4FFE0B7B67C08080400000000000000C60100001000000002000000
    If your browser supports session resuming, then you should see the same session ID, when you press the reload button.
    Server Name: test.gnutls.org
    Ephemeral DH using prime of 1024 bits.
    Protocol version: TLS1.1
    Certificate Type: X.509
    Key Exchange: DHE-RSA
    Compression NULL
    Cipher AES-256-CBC
    MAC SHA1
    Ciphersuite DHE_RSA_AES_256_CBC_SHA1

    X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 4b45d7295406364afe32d209942be329
    Issuer: O=FOAF\+SSL,OU=The Community of Self Signers,CN=Not a Certification Authority
    Validity:
        Not Before: Sat Feb 26 16:49:18 UTC 2011
        Not After: Fri Feb 17 18:49:18 UTC 2012
    Subject: O=FOAF\+SSL,OU=The Community Of Self Signers,UID=http://webid.myxwiki.org/xwiki/bin/view/XWiki/homepw4#me,CN=homepw4
    Subject Public Key Algorithm: RSA
        Modulus (bits 1536):
        Exponent (bits 24): 01:00:01
    Extensions:
        Basic Constraints (critical):
            Certificate Authority (CA): FALSE
        Key Usage (critical):
            Digital signature.
            Non repudiation.
            Key encipherment.
            Key agreement.
            Certificate signing.
        Unknown extension 2.16.840.1.113730.1.1 (not critical):
            ASCII: ....
            Hexdump: 030205a0
        Subject Key Identifier (not critical):
            27273521ca35671123bb281c46903fc2f43051c0
        Subject Alternative Name (critical):
            URI: http://webid.myxwiki.org/xwiki/bin/view/XWiki/homepw4#me
    Signature Algorithm: RSA-SHA
    Signature:
    Other Information:
        MD5 fingerprint: cd3af2ec77b2421229ea61a88d3a181a
        SHA-1 fingerprint: 1ee2e509ed8d61251ee10b7078ae9202129b3f76
        Public Key Id: 6a651cf7e0a7f791ba8f29ebb201822e354b49f6

    Your HTTP header was:
    User-Agent: Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01
    Host: test.gnutls.org:5556
    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
    Accept-Language: en-US,en;q=0.9
    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Referer: http://www.gnu.org/software/gnutls/server.html
    Connection: Keep-Alive