Re: [PATCH] cleanup _asn1_copy_structure3

[Nikos Mavrogiannopoulos]

On Tue, Sep 4, 2012 at 4:38 PM, Tim Ruehsen <address@hidden> wrote:

> Hey Nikos.
> This mentioned tool could use libtasn1. Impact doesn't matter since the
> certificates seldom change.
> The X509 certificate format is well defined in RFC 5280 and it should be easy
> to output these values into a text format like:
> --------
> tbsCertificate.version 2
> tbsCertificate.serialNumber 85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
> tbsCertificate.signature sha1WithRSAEncryption
> tbsCertificate.issuer C=US, O=America Online Inc., CN=America Online Root
> Certification Authority 1

gnutls has certtool as well, but I don't think that this approach is
any easier than optimizing libtasn1. The simpler way without radical
changes in certificate verification,  would need to introduce a
certificate cache, in effect storing the libtasn1 tree and restoring
it back. Still you'd have to optimize the tree creation/copy etc. I
think that the way that is beneficial for all use cases is to optimize
tree creation and copy in libtasn1 anyway and avoid any caching. I'll
add it in my todo list, but unfortunately currently that doesn't mean
much as I'm busy with other things.

regards,
Nikos