bug#35787: 26.2; gnutls: accessing raw server certificate data
From: Lars Ingebrigtsen
Subject: bug#35787: 26.2; gnutls: accessing raw server certificate data
Date: Tue, 09 Jul 2019 04:42:58 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
Julian Scheid <julians37@gmail.com> writes:
> Hello, I would like to request a feature: accessing the raw certificate
> of a server connected to via `gnutls-negotiate' (or such).
>
> Currently, `gnutls-peer-status' only allows accessing high-level
> information extracted from the certificate, such as the issuer, but not
> the certificate data itself.
Other details are returned in the process object, like
gnutls_x509_crt_get_fingerprint of the certificate.
> Access to the raw certificate data would allow implementing the
> `tls-server-endpoint' channel binding type as per
> https://tools.ietf.org/html/rfc5929#section-4.1, which requires
>> [t]he hash of the TLS server's certificate [RFC5280] as it
>> appears, octet for octet, in the server's Certificate message. Note
>> that the Certificate message contains a certificate_list, in which
>> the first element is the server's certificate.
Does this hash relate in any way to gnutls_x509_crt_get_fingerprint?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
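For reference, an added example (not from this thread, Emacs or GnuTLS) of what the RFC 5929 section 4.1 `tls-server-endpoint` computation quoted above actually needs from the raw certificate: the DER octets as sent, plus the certificate's signatureAlgorithm, because the RFC picks the hash from that algorithm (MD5 and SHA-1 signatures are hashed with SHA-256, anything else with its own hash, and algorithms without a single hash leave the binding undefined). The `toy_certificate` helper and the OID table are constructed for the demo: it emits only the outer Certificate SEQUENCE, not a real certificate.

```python
import hashlib

SIG_ALG_HASH = {  # signatureAlgorithm OID -> the single hash it uses (common subset)
    "1.2.840.113549.1.1.4": "md5", "1.2.840.113549.1.1.5": "sha1",        # RSA
    "1.2.840.113549.1.1.11": "sha256", "1.2.840.113549.1.1.12": "sha384",  # RSA
    "1.2.840.10045.4.3.2": "sha256", "1.2.840.10045.4.3.3": "sha384",      # ECDSA
}

def der_tlv(data, pos=0):
    """Decode one DER tag/length/value at pos; return (tag, value, end)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets that follow
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def decode_oid(value):
    """OID content octets -> dotted string."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc); acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    _, body, _ = der_tlv(cert_der)
    _, _, pos = der_tlv(body)          # skip tbsCertificate
    _, alg, _ = der_tlv(body, pos)     # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, oid, _ = der_tlv(alg)
    if tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return decode_oid(oid)

def tls_server_endpoint(cert_der):
    """RFC 5929 s.4.1 binding: hash the certificate octets exactly as sent, using the
    hash of its signatureAlgorithm, except MD5 and SHA-1 are replaced by SHA-256."""
    hname = SIG_ALG_HASH.get(signature_algorithm_oid(cert_der))
    if hname is None:
        raise ValueError("no single hash in signatureAlgorithm: binding undefined")
    hname = "sha256" if hname in ("md5", "sha1") else hname
    return hashlib.new(hname, cert_der).digest()

def der_encode(tag, content):  # short-form lengths only, enough for the toy below
    return bytes([tag, len(content)]) + content

def toy_certificate(sig_oid_octets):
    """Constructed stand-in, NOT a real certificate: only the outer structure."""
    alg = der_encode(0x30, der_encode(0x06, sig_oid_octets) + der_encode(0x05, b""))
    return der_encode(0x30, der_encode(0x30, b"") + alg + der_encode(0x03, b"\x00"))
```

This is also why the binding is related to, but not interchangeable with, a fingerprint: gnutls_x509_crt_get_fingerprint hashes the same DER octets with a digest the caller chooses, whereas the binding's digest is dictated by the certificate's own signature algorithm.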