Re: Review Request 34229: Expose subject from peer's certificate

Thu, 14 May 2015 13:18:07 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83829
-----------------------------------------------------------


This looks good to me - essentially what I was starting with.

Although we may nned something more specific to interoperate with qpidd as it 
has a very specific notion of what the authid for sasl external looks like - I 
need to follow this through more carefully.


proton-c/src/ssl/openssl.c
<https://reviews.apache.org/r/34229/#comment134908>

    I think _oneline would be closer in format to using flags
    XN_FLAGS_ONELINE



proton-c/src/ssl/openssl.c
<https://reviews.apache.org/r/34229/#comment134906>

    You probably need
    if (!subject) return NULL;
    here too (there may be circumstances in which we can get a certificate 
without a subject)



proton-c/src/ssl/openssl.c
<https://reviews.apache.org/r/34229/#comment134907>

    FWIW I just wrote this code (or near equivalent) for my own purposes and 
used a direct memcpy here:
    
        ...
          long len = BIO_get_mem_data(bio, &data);
    
          ssl->subject = (char*) malloc(len+1);
          if (ssl->subject) {
            memcpy(ssl->subject, data, len);
            out[len] = 0;
          }
          BIO_free(bio);
          return ssl->subject;
        }
        ...
    
    Don't know if this is useful or not.


- Andrew Stitcher


On May 14, 2015, 7:54 p.m., Gordon Sim wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
> 
> (Updated May 14, 2015, 7:54 p.m.)
> 
> 
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and 
> Rafael Schloming.
> 
> 
> Bugs: PROTON-861
>     https://issues.apache.org/jira/browse/PROTON-861
> 
> 
> Repository: qpid-proton-git
> 
> 
> Description
> -------
> 
> This is useful e.g. to determine whether a particular connection is 
> authorised for certain actions.
> 
> The approach taken here is to expose the full subject as a string. It may be 
> that some subset of that is preferred, perhaps in a slightly different 
> format. However having the full subject is the simplest way to ensure that 
> everyone can get what they need, even if at the expense of a little string 
> manipulation.
> 
> 
> Diffs
> -----
> 
>   proton-c/bindings/python/proton/__init__.py bc639e3 
>   proton-c/include/proton/ssl.h 0ac4aef 
>   proton-c/src/ssl/openssl.c 2bbdda0 
> 
> Diff: https://reviews.apache.org/r/34229/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Gordon Sim
> 
>

Reply via email to