[Delta] QCA roadmap

Justin Karneges justin-psi2 at affinix.com
Wed Apr 11 13:58:47 PDT 2007


On Wednesday 11 April 2007 1:16 pm, Alon Bar-Lev wrote:
> On 4/11/07, Justin Karneges <justin-psi2 at affinix.com> wrote:
> > CertificateInfoOrdered::toString() creates a DN string (just committed).
>
> Well...
> It does not work correctly:
> $ ../../bin/qcatool keybundle extract qca-pkcs11:893a | openssl x509 -subject -noout
> subject= /C=IL/O=Xor Technologies/OU=Users/CN=Alon Bar-Lev/emailAddress=alon at xor-t.com
>
> While the toString() implementation returns:
> CN=Alon Bar-Lev, C=IL, O=Xor Technologies, OU=Users
>
> Aside from the fact that the human-readable form is the reverse of what
> OpenSSL prints, please notice that the order is incorrect and the email is
> missing...
> You can use the Microsoft way "E=" or OpenSSL way "emailAddress".

When I used openssl x509 -text, it showed all the items comma-delimited, 
except for emailAddress which had a '/' character between it and the CN (that 
confused me, I wasn't sure if openssl was putting the email address into the 
common name...).  I'll add support for emailAddress as a label.

That said: qca-openssl is wrong... sorry about it.  This is why the order is 
messed up.  Also, email address should at least show up as an OID in the 
current implementation, but again qca-openssl is wrong and so there's no 
email address at all.  I need to fix the plugin.

> > Non-end certs are determined by a missing private key I thought?
>
> No... When I load the certificates from the public context, I don't
> have means to determine if a private object is available.
> So I "guess" based on the chains available.

Maybe use CertificateChain::complete() ?

> > Btw, if you want to compare info, you can use operator== with
> > CertificateInfoOrdered.  There is also CertificateInfoOrdered::dnOnly()
> > if you only want the DN fields.
>
> Well... I cannot use an operator as a callback for the C code... :(

I don't understand.

-Justin
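
The ordering and emailAddress-label issue discussed in this message, as an added example that is not code from QCA or from either poster: it parses the OpenSSL one-line subject form and renders it last-attribute-first with RFC 4514 escaping. The names parseOneline, escapeValue and toRfc4514 are hypothetical, the address is a placeholder, and values are assumed to contain no '/' and no multi-valued RDNs.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <utility>
#include <vector>
using Attr = std::pair<std::string, std::string>;  // (type, value)
// Split OpenSSL's one-line form "/C=IL/O=Example/CN=Name" in encoding order.
// Assumption: no value contains '/' and there are no multi-valued RDNs.
std::vector<Attr> parseOneline(const std::string &s) {
    std::vector<Attr> out;
    for (std::size_t pos = 0; pos < s.size() && s[pos] == '/';) {
        std::size_t end = s.find('/', pos + 1);
        if (end == std::string::npos) end = s.size();
        std::string part = s.substr(pos + 1, end - pos - 1);
        std::size_t eq = part.find('=');
        if (eq != std::string::npos)
            out.emplace_back(part.substr(0, eq), part.substr(eq + 1));
        pos = end;
    }
    return out;
}

// Backslash-escape a value as in RFC 4514 section 2.4.
std::string escapeValue(const std::string &v) {
    std::string r;
    for (std::size_t i = 0; i < v.size(); ++i) {
        bool edge = (i == 0 && (v[i] == ' ' || v[i] == '#')) ||
                    (i + 1 == v.size() && v[i] == ' ');
        if (edge || std::string("\"+,;<>\\").find(v[i]) != std::string::npos)
            r += '\\';
        r += v[i];
    }
    return r;
}

// Render last attribute first (RFC 4514); emailLabel is "emailAddress" or "E".
std::string toRfc4514(std::vector<Attr> dn, const std::string &emailLabel) {
    std::reverse(dn.begin(), dn.end());
    std::string r;
    for (const Attr &a : dn)
        r += (r.empty() ? "" : ",") + (a.first == "emailAddress" ? emailLabel : a.first)
             + "=" + escapeValue(a.second);
    return r;
}

int main() {  // constructed sample: the thread's DN with a placeholder address
    std::cout << toRfc4514(parseOneline("/C=IL/O=Xor Technologies/OU=Users"
        "/CN=Alon Bar-Lev/emailAddress=user@example.com"), "E") << "\n";
}
```

Comparing two subjects on the parsed attribute list rather than on a rendered string keeps the match independent of which display order or email label a backend uses.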

