GNU bug report logs - #35787
26.2; gnutls: accessing raw server certificate data

Package: emacs;

Reported by: Julian Scheid <julians37 <at> gmail.com>

Date: Sat, 18 May 2019 01:50:02 UTC

Severity: wishlist

Tags: fixed

Found in version 26.2

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Julian Scheid <julians37 <at> gmail.com>
Cc: 35787 <at> debbugs.gnu.org
Subject: bug#35787: 26.2; gnutls: accessing raw server certificate data
Date: Tue, 09 Jul 2019 15:44:42 +0200

Julian Scheid <julians37 <at> gmail.com> writes:

> So, to make this work it looks like I'd need either
>
> 1) the fingerprint, but using the hash function as required by the RFC, or
> 2) the certificate as a binary blob.

I think putting the signature itself in the process object (in addition
to all the details) makes some sense, but perhaps it wastes
unnecessary memory...

There's gnutls-peer-status, and that could also be amended to return the
full certificate.  But, again, that's also called for virtually any TLS
connection.

Perhaps a new function to return the actual certificate?  And perhaps it
should just return the entire certificate chain?

Anybody got an opinion here?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




This bug report was last modified 5 years and 326 days ago.


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.