----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/34229/#review83829 -----------------------------------------------------------
This looks good to me - essentially what I was starting with. Although we may nned something more specific to interoperate with qpidd as it has a very specific notion of what the authid for sasl external looks like - I need to follow this through more carefully. proton-c/src/ssl/openssl.c <https://reviews.apache.org/r/34229/#comment134908> I think _oneline would be closer in format to using flags XN_FLAGS_ONELINE proton-c/src/ssl/openssl.c <https://reviews.apache.org/r/34229/#comment134906> You probably need if (!subject) return NULL; here too (there may be circumstances in which we can get a certificate without a subject) proton-c/src/ssl/openssl.c <https://reviews.apache.org/r/34229/#comment134907> FWIW I just wrote this code (or near equivalent) for my own purposes and used a direct memcpy here: ... long len = BIO_get_mem_data(bio, &data); ssl->subject = (char*) malloc(len+1); if (ssl->subject) { memcpy(ssl->subject, data, len); out[len] = 0; } BIO_free(bio); return ssl->subject; } ... Don't know if this is useful or not. - Andrew Stitcher On May 14, 2015, 7:54 p.m., Gordon Sim wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/34229/ > ----------------------------------------------------------- > > (Updated May 14, 2015, 7:54 p.m.) > > > Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and > Rafael Schloming. > > > Bugs: PROTON-861 > https://issues.apache.org/jira/browse/PROTON-861 > > > Repository: qpid-proton-git > > > Description > ------- > > This is useful e.g. to determine whether a particular connection is > authorised for certain actions. > > The approach taken here is to expose the full subject as a string. It may be > that some subset of that is preferred, perhaps in a slightly different > format. However having the full subject is the simplest way to ensure that > everyone can get what they need, even if at the expense of a little string > manipulation. > > > Diffs > ----- > > proton-c/bindings/python/proton/__init__.py bc639e3 > proton-c/include/proton/ssl.h 0ac4aef > proton-c/src/ssl/openssl.c 2bbdda0 > > Diff: https://reviews.apache.org/r/34229/diff/ > > > Testing > ------- > > > Thanks, > > Gordon Sim > >