Hi,
This seems to be a difference between how the openssl and the
gnutls library return the name of the subject. For instance, for
nm.debian.org, for the subject you get:
/C=US/ST=Indiana/L=Indianapolis/O=Debian/OU=NM/CN=nm.debian.org/[EMAIL
PROTECTED]
While with gnutls you get:
C=, ST=Indiana, L=Indianapolis, O=Debian, OU=NM, CN=nm.debian.org/[EMAIL
PROTECTED]
(I wonder why the C= doesn't say US in case of gnutls though.)
So a version build with openssl is working without problems.
Anyway, the openssl manpage says:
NOTES
The functions X509_NAME_oneline() and X509_NAME_print() are legacy
functions which produce a non standard output form, they don't handle
multi character fields and have various quirks and inconsistencies.
Their use is strongly discouraged in new applications.
Looking at the openssl library, I think it's best to use
X509_NAME_get_index_by_NID/OBJ()/X509_NAME_get_entry(), and then go
over the list of common names. But it looks like gnutls doesn't
support that?
The gnutls equivalent would be something like
gnutls_x509_crt_get_issuer_dn_by_oid?
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
