Re: [exim-dev] [Bug 1489] ${certextract} parse error (4.83 R…

Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 1489] ${certextract} parse error (4.83 RC1)
On Thu, Jun 12, 2014 at 08:37:12PM +0100, Jeremy Harris wrote:

> Viktor commented in the mailing list that we shouldn't parse the output of
> X509_print_ex() and should return an OID rather than something human-readable.


Mostly because the "human-readable" descriptions are a rather
unstable interface. I believe that for some exotic signature
schemes they return a multi-line description of the algorithm and
parameters! The C code to get the signature description inside
OpenSSL itself is as you point out rather complex, and dives
deep into library internals. I think you should ask for
guidance on openssl-users, I don't know the answer to this,
beyond the observation that it is easy if you 'settle' for
an OID.

> Does anyone else wish to comment?


Sorry, I am not someone else, I hope all the real someone elses
are not deterred by my hogging the thread...

-- 
    Viktor.
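
What "settling for an OID" looks like in practice, as an added example that is not part of the original message and is not Exim or OpenSSL code: the signature algorithm OID sits at a fixed position in the certificate's DER encoding, so it can be read as a stable dotted string without touching any printed description. The helper names `der_hdr` and `sigalg_oid` and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample, not a real certificate: stub tbsCertificate,
 * sha256WithRSAEncryption AlgorithmIdentifier, 2-byte dummy signature. */
static const unsigned char SAMPLE[] = { 0x30,0x19, 0x30,0x03,0x02,0x01,0x01,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,
    0x03,0x03,0x00,0xAA,0xBB };
/* Check the tag at *p and read its DER length; leaves *p at the value. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   int tag, size_t *len) {
    if (end - *p < 2 || (*p)[0] != tag) return -1;
    size_t n = (*p)[1], k = n & 0x7f;
    *p += 2;
    if (n & 0x80) {                        /* long form: k length bytes */
        if (k == 0 || k > sizeof n || (size_t)(end - *p) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < n) return -1; /* value must fit in the buffer */
    *len = n;
    return 0;
}

/* Hypothetical helper: dotted signatureAlgorithm OID of a DER certificate. */
int sigalg_oid(const unsigned char *der, size_t derlen, char *out, size_t outlen) {
    const unsigned char *p = der, *end = der + derlen;
    size_t len, used = 0;
    unsigned long arc = 0;
    if (der_hdr(&p, end, 0x30, &len)) return -1;   /* Certificate */
    end = p + len;
    if (der_hdr(&p, end, 0x30, &len)) return -1;   /* tbsCertificate */
    p += len;                                      /* skipped, not parsed */
    if (der_hdr(&p, end, 0x30, &len)) return -1;   /* AlgorithmIdentifier */
    end = p + len;
    if (der_hdr(&p, end, 0x06, &len) || !len || (p[len-1] & 0x80)) return -1;
    for (size_t i = 0; i < len; i++) {             /* base-128 arcs */
        arc = (arc << 7) | (p[i] & 0x7f);
        if (p[i] & 0x80) continue;                 /* arc continues */
        int w = used ? snprintf(out + used, outlen - used, ".%lu", arc)
                     : snprintf(out, outlen, "%lu.%lu", arc < 80 ? arc / 40 : 2,
                                arc < 80 ? arc % 40 : arc - 80);
        if (w < 0 || (size_t)w >= outlen - used) return -1;
        used += (size_t)w; arc = 0;
    }
    return 0;
}
int main(void) {
    char oid[64];
    return sigalg_oid(SAMPLE, sizeof SAMPLE, oid, sizeof oid) ? 1 : puts(oid) < 0;
}
```

The algorithm parameters that follow the OID (here an ASN.1 NULL) are deliberately ignored; they are the part that makes the human-readable descriptions vary.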