> On May 14, 2015, 8:17 p.m., Andrew Stitcher wrote: > > This looks good to me - essentially what I was starting with. > > > > Although we may nned something more specific to interoperate with qpidd as > > it has a very specific notion of what the authid for sasl external looks > > like - I need to follow this through more carefully. > > Alan Conway wrote: > IMO what gsim has is fine, and what you are talking about would be an > addition like `char* pn_some_long_name_authid(const char* subject)`. We're > talking about a few simple parse or transform functions, I don't think we > need to introduce a whole new refcounted pn_subject class. If it is qpidd > specific then it shouldn't even be in proton. > > Andrew Stitcher wrote: > I'm not suggesting a new pn_subject_t type (although it isn't necessarily > a bad idea - X509 names are significantly cpomplex). > > Where I do differ from your API sketch is that I would not parse some > text form of the subject - we have access to the actual certificate objects > so it makes sense to use them - the code wil end up being simpler and more > reliable tham have to format a representation of the subject them parsing it > then creating a new representation. so something more like: > char *pn_some_long_name(pn_ssl_t *ssl);
Agreed. We can do both: expose the parsed data and provide the full bytes of the subject. - Alan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/34229/#review83829 ----------------------------------------------------------- On May 15, 2015, 9:40 a.m., Gordon Sim wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/34229/ > ----------------------------------------------------------- > > (Updated May 15, 2015, 9:40 a.m.) > > > Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and > Rafael Schloming. > > > Bugs: PROTON-861 > https://issues.apache.org/jira/browse/PROTON-861 > > > Repository: qpid-proton-git > > > Description > ------- > > This is useful e.g. to determine whether a particular connection is > authorised for certain actions. > > The approach taken here is to expose the full subject as a string. It may be > that some subset of that is preferred, perhaps in a slightly different > format. However having the full subject is the simplest way to ensure that > everyone can get what they need, even if at the expense of a little string > manipulation. > > > Diffs > ----- > > proton-c/bindings/python/proton/__init__.py bc639e3 > proton-c/include/proton/ssl.h 0ac4aef > proton-c/src/ssl/openssl.c 2bbdda0 > > Diff: https://reviews.apache.org/r/34229/diff/ > > > Testing > ------- > > > Thanks, > > Gordon Sim > >
