Tim Ruehsen <[email protected]> writes:

> On Tuesday 04 September 2012, Nikos Mavrogiannopoulos wrote:
>> On Tue, Sep 4, 2012 at 3:48 PM, Tim Ruehsen <[email protected]> wrote:
>> > Right now, after having taken a deeper look into the sources, I
>> > personally dislike the source code.
>>
>> You're not alone. Unfortunately it is the easiest to use ASN.1 parser.
>>
>> > It is unnecessarily complex, I would say hard to
>> > maintain. I really can't find any of the stated "high quality" code.
>>
>> Who states that?
>
> see http://www.gnu.org/software/libtasn1
> The part I am referring to is titled "High Quality".

To be fair, it says "the goal is to provide a library of high quality",
not necessarily that the current code is of high quality. I agree there
is plenty of room for improvement... we won't get there without a goal of
getting there though. Maybe the text could be reworded a bit...

> Well the clang analyser is mentioned... since the last check, some time may
> have passed ... using it, you will at least find one serious memory
> error.

If you could explain more, that would help.

> Hey Nikos.
> This mentioned tool could use libtasn1. Impact doesn't matter since the
> certificates seldom change.
> The X509 certificate format is well defined in RFC 5280 and it should be easy
> to output these values into a text format like:
> --------
> tbsCertificate.version 2
> tbsCertificate.serialNumber 85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
> tbsCertificate.signature sha1WithRSAEncryption
> tbsCertificate.issuer C=US, O=America Online Inc., CN=America Online Root
> Certification Authority 1
> ...
> signatureAlgorithm sha1WithRSAEncryption
> signatureValue 7c:8a:d1:1f:18:37:82:e0:b8:b0:a3:ed:56:95:c8:62:61:9c: ...
> --------
>
> OpenSSL already has a tool to convert .PEM into a (human readable) text:
> openssl x509 -text -noout -in <filename>
>
> Maybe there already is a similar GnuTLS tool which we can extend a bit to
> produce machine readable text.

The risk is that some information is lost when doing this conversion.

If you want to work on it, you could add a new
gnutls_certificate_print_formats_t symbol that would make
gnutls_x509_crt_print print new certificate in a machine readable format.
I think that would be quite useful, and not too difficult to do. Just
make sure you output opaque blobs for things that haven't yet been given
a machine readable format -- I'm thinking primarily extensions.

/Simon
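The line-oriented format discussed in this thread, with opaque blobs for anything that has no text form yet, as an added example that is not part of the original message and is not GnuTLS or libtasn1 code. The `der:` prefix, the naming of universal-tagged fields by position, and the sample bytes are assumptions made for the illustration.

```python
# Added example (not GnuTLS code): tbsCertificate children -> "name value" lines.
ALGS = {bytes.fromhex("06092a864886f70d0101050500"): "sha1WithRSAEncryption"}
CONTEXT = {0: "version", 1: "issuerUniqueID", 2: "subjectUniqueID", 3: "extensions"}
NAMES = ["serialNumber", "signature", "issuer", "validity", "subject",
         "subjectPublicKeyInfo"]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length DER TLV at pos."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or unsupported high tag number")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def to_lines(tbs):
    """One line per child; anything without a text form keeps its full DER."""
    tag, body, end = read_tlv(tbs, 0)
    if tag != 0x30 or end != len(tbs):
        raise ValueError("expected exactly one SEQUENCE")
    names, lines, pos = list(NAMES), [], 0
    while pos < len(body):
        start = pos
        tag, val, pos = read_tlv(body, pos)
        if tag & 0xC0 == 0x80:             # context-specific: named by tag number
            name = CONTEXT.get(tag & 0x1F, f"context{tag & 0x1F}")
        else:                              # universal: named by position
            name = names.pop(0) if names else "unknown"
        if name == "version" and val[:2] == b"\x02\x01" and len(val) == 3:
            text = str(val[2])
        elif name == "serialNumber" and tag == 0x02:
            text = val.hex(":")
        elif name == "signature" and val in ALGS:
            text = ALGS[val]
        else:                              # opaque blob, so nothing is lost
            text = "der:" + body[start:pos].hex()
        lines.append(f"tbsCertificate.{name} {text}")
    return lines

# Constructed sample, not a real certificate: version, serial, signature, [3] blob.
SAMPLE = bytes.fromhex("3021a0030201020203123456"
                       "300d06092a864886f70d0101050500a30630040402cafe")

if __name__ == "__main__":
    print("\n".join(to_lines(SAMPLE)))
```

A field is only rendered as text when its encoding matches exactly; an unrecognised AlgorithmIdentifier or any extension is emitted as its complete DER, so a consumer can still re-parse it.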
