On Tue, Dec 14, 2010 at 10:24:29PM +0100, Florian Weimer wrote:
> * Mads Lindstrøm:
> 
> > I got it to work :) But there seem to be some bugs in the Haskell
> > server certificate handling. It seems that TLS does not transfer the ST
> > (state, as in California) parameter in the X509 subject field. It also
> > seems that the Haskell server does not send the email-address.
> 
> And in reality, DER encoding isn't reversible, so you better serve the
> exact certificate blob which was passed to the server.  Decoding and
> reencoding does not work reliably because sometimes, a non-DER version
> of the certificate has been signed.

DER encoding IS fully reversible.

However, you're right about some certificates that have been improperly signed
when they were not valid DER.

Hopefully this is a thing of the past, and I do intend to keep re-encoding the
certificate instead of passing a binary blob (as I used to do at first, with
some vestigial code still present). It gives a good workout to the certificate
and asn1 DER modules as well, which isn't all that bad.

-- 
Vincent

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
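
Added example, not part of the original thread and not code from the Haskell tls or certificate packages: a small Python sketch of the case discussed above, where a structure signed in a non-DER (BER) form decodes to the same value but re-encodes to different bytes, so the digest a signature covers no longer matches. The helper names and the two sample byte strings are constructed for illustration; the parser assumes single-byte tags and definite lengths.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Parse one BER/DER TLV; return (tag, value_bytes, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError("indefinite length is not handled in this sketch")
    if first < 0x80:
        length = first                      # short form
    else:
        n = first & 0x7F                    # long form: n length octets follow
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def der_length(n):
    """DER requires the shortest possible length encoding."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def reencode(buf):
    """Decode, then re-encode with DER length rules, recursing into constructed types."""
    out, pos = b"", 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & 0x20:                      # constructed bit: value holds nested TLVs
            value = reencode(value)
        out += bytes([tag]) + der_length(len(value)) + value
    return out

def survives_reencoding(signed_bytes):
    """True if the digest a signature would cover is unchanged by decode + re-encode."""
    return (hashlib.sha256(signed_bytes).digest()
            == hashlib.sha256(reencode(signed_bytes)).digest())

# Constructed samples, both meaning SEQUENCE { UTF8String "CA" }.
STRICT_DER = bytes.fromhex("30040c024341")
# Same value, but the inner length uses the BER long form (81 02 instead of 02).
LAX_BER = bytes.fromhex("30050c81024341")

if __name__ == "__main__":
    for name, blob in (("strict DER", STRICT_DER), ("lax BER", LAX_BER)):
        print(name, blob.hex(), "->", reencode(blob).hex(), survives_reencoding(blob))
```

Serving the original bytes avoids the mismatch for the second sample; re-encoding is only safe when the signed form was already strict DER.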
