GNU bug report logs - #35787
26.2; gnutls: accessing raw server certificate data


Package: emacs

Reported by: Julian Scheid <julians37 <at> gmail.com>

Date: Sat, 18 May 2019 01:50:02 UTC

Severity: wishlist

Tags: fixed

Found in version 26.2

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.



Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Julian Scheid <julians37 <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 26.2; gnutls: accessing raw server certificate data
Date: Sat, 18 May 2019 13:48:47 +1200
Hello, I would like to request a feature: accessing the raw certificate
of a server connected to via `gnutls-negotiate' (or such).

Currently, `gnutls-peer-status' only allows accessing high-level
information extracted from the certificate, such as the issuer, but not
the certificate data itself.

Access to the raw certificate data would allow implementing the
`tls-server-endpoint' channel binding type as per
https://tools.ietf.org/html/rfc5929#section-4.1 , which requires
> [t]he hash of the TLS server's certificate [RFC5280] as it
> appears, octet for octet, in the server's Certificate message.  Note
> that the Certificate message contains a certificate_list, in which
> the first element is the server's certificate.
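As an added illustration (not part of the bug report, and not Emacs or GnuTLS code), the Python below computes the `tls-server-endpoint` value from the raw DER certificate octets the report asks for, applying the hash-selection rule of RFC 5929 section 4.1: the hash named by the certificate's signatureAlgorithm, with SHA-256 substituted for MD5 and SHA-1. The function names, the small OID table, and the constructed `toy_cert` stand-in are assumptions made for this example.

```python
import hashlib

# DER-encoded signatureAlgorithm OIDs -> hash they name (small subset, for illustration)
SIG_HASH = {
    bytes.fromhex("2a864886f70d010104"): "md5",     # md5WithRSAEncryption
    bytes.fromhex("2a864886f70d010105"): "sha1",    # sha1WithRSAEncryption
    bytes.fromhex("2a864886f70d01010b"): "sha256",  # sha256WithRSAEncryption
    bytes.fromhex("2a864886f70d01010c"): "sha384",  # sha384WithRSAEncryption
    bytes.fromhex("2a8648ce3d040302"): "sha256",    # ecdsa-with-SHA256
    bytes.fromhex("2a8648ce3d040303"): "sha384",    # ecdsa-with-SHA384
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, start, _ = read_tlv(der, 0)
    _, _, tbs_end = read_tlv(der, start)          # skip tbsCertificate
    alg_tag, alg_start, _ = read_tlv(der, tbs_end)
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate")
    return der[oid_start:oid_end]

def tls_server_endpoint(der):
    """Channel binding data: hash over the exact certificate octets, never a re-encoding."""
    name = SIG_HASH.get(signature_oid(der))
    if name is None:
        raise ValueError("binding undefined for this signatureAlgorithm")
    if name in ("md5", "sha1"):  # RFC 5929 section 4.1 substitutes SHA-256 for these
        name = "sha256"
    return hashlib.new(name, der).digest()

def toy_cert(oid):
    """Constructed stand-in with a certificate's outer DER shape (not a real certificate)."""
    alg = bytes([0x30, len(oid) + 4, 0x06, len(oid)]) + oid + b"\x05\x00"
    body = b"\x30\x00" + alg + b"\x03\x01\x00"
    return bytes([0x30, len(body)]) + body
```

Because the digest covers the certificate exactly as it appears in the Certificate message, the fields already exposed by `gnutls-peer-status` (issuer and similar) cannot be used to rebuild it; only the raw octets will do.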

This bug report was last modified 5 years and 326 days ago.
