GNU bug report logs -
#35787
26.2; gnutls: accessing raw server certificate data
Reported by: Julian Scheid <julians37 <at> gmail.com>
Date: Sat, 18 May 2019 01:50:02 UTC
Severity: wishlist
Tags: fixed
Found in version 26.2
Fixed in version 27.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Message #8 received at 35787 <at> debbugs.gnu.org (full text, mbox):
Julian Scheid <julians37 <at> gmail.com> writes:
> Hello, I would like to request a feature: accessing the raw certificate
> of a server connected to via `gnutls-negotiate' (or such).
>
> Currently, `gnutls-peer-status' only allows accessing high-level
> information extracted from the certificate, such as the issuer, but not
> the certificate data itself.
Other details are returned in the process object, like
gnutls_x509_crt_get_fingerprint of the certificate.
> Access to the raw certificate data would allow implementing the
> `tls-server-endpoint' channel binding type as per
> https://tools.ietf.org/html/rfc5929#section-4.1, which requires
>> [t]he hash of the TLS server's certificate [RFC5280] as it
>> appears, octet for octet, in the server's Certificate message. Note
>> that the Certificate message contains a certificate_list, in which
>> the first element is the server's certificate.
Does this hash relate in any way to gnutls_x509_crt_get_fingerprint?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
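The hash RFC 5929 §4.1 asks for is taken over the DER encoding of the server's certificate, with the hash function chosen from the certificate's signatureAlgorithm (SHA-256 standing in for MD5 and SHA-1); gnutls_x509_crt_get_fingerprint also hashes the DER-encoded certificate, so with the algorithm the RFC selects the two values coincide. The following is an added Python example, not code from the bug report, Emacs or GnuTLS, that walks the outer DER structure to pick the hash and computes the binding; skeleton_cert and the OID_* constants are constructed test input, not real certificates.

```python
import hashlib

# RFC 5929 section 4.1: the hash comes from the certificate's signatureAlgorithm,
# except that MD5 and SHA-1 are replaced by SHA-256.
_SIG_OID_HASH = {
    "1.2.840.113549.1.1.4": "md5",     "1.2.840.113549.1.1.5": "sha1",
    "1.2.840.113549.1.1.11": "sha256", "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512", "1.2.840.10045.4.3.2": "sha256",
    "1.2.840.10045.4.3.3": "sha384",   "1.2.840.10045.4.3.4": "sha512",
}

def _tlv(buf, pos):
    # Decode one DER TLV at pos; return (tag, value, position after it).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                           # base-128 arcs, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def tls_server_endpoint(cert_der):
    """Return (hash name, channel binding bytes) for one DER-encoded certificate."""
    _, cert, _ = _tlv(cert_der, 0)              # Certificate ::= SEQUENCE { ... }
    _, _, pos = _tlv(cert, 0)                   # skip tbsCertificate
    _, sig_alg, _ = _tlv(cert, pos)             # signatureAlgorithm ::= SEQUENCE
    _, oid_raw, _ = _tlv(sig_alg, 0)            # first element is the algorithm OID
    name = _SIG_OID_HASH.get(_decode_oid(oid_raw))
    if name is None:                            # zero or several hash functions: undefined
        raise ValueError("tls-server-endpoint is undefined for this signatureAlgorithm")
    if name in ("md5", "sha1"):
        name = "sha256"
    return name, hashlib.new(name, cert_der).digest()

# Constructed demonstration input: a skeletal Certificate with an empty
# tbsCertificate and a dummy signature, not a real certificate.
def skeleton_cert(sig_oid_der):
    sig_alg = b"\x30" + bytes([len(sig_oid_der) + 2]) + sig_oid_der + b"\x05\x00"
    body = b"\x30\x00" + sig_alg + b"\x03\x01\x00"
    return b"\x30" + bytes([len(body)]) + body
OID_SHA256_RSA = b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"   # sha256WithRSAEncryption
OID_SHA1_RSA = b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05"     # sha1WithRSAEncryption
OID_ECDSA_SHA384 = b"\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03"     # ecdsa-with-SHA384
```

On a real server certificate, pass the bytes exactly as they appear in the Certificate message (the first certificate_list element), since any re-encoding would change the hash.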