[Python-Dev] frozenset C API? (original) (raw)
Bill Janssen janssen at parc.com
Thu Sep 6 19:15:41 CEST 2007
- Previous message: [Python-Dev] frozenset C API?
- Next message: [Python-Dev] frozenset C API?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
RFC 2818
"""If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead. """
Yes, subjectAltName is a big one. But I think it may be the only extension I'll expose. The issue is that I don't see a generic way of mapping extension X into Python data structure Y; each one needs to be handled specially. If you can see a way around this, please speak up!
I really don't understand why you would not expose all data in the certificate. It seems totally obvious. The data is there for a reason. I want the subjectAltName. Probably other people want other stuff. Why cripple it? Please include it all.
I intend to "include it all", by giving you a way to pull the full DER form of the certificate into Python. But a number of fields in the certificate have nothing to do with authorization, like the signature, which has already been used for validation. So I don't intend to try to convert them into Python-friendly forms. Applications which want to use that information already need to have a more powerful library, like M2Crypto or PyOpenSSL, available; they can simply work with the DER form of the certificate.
Bill
- Previous message: [Python-Dev] frozenset C API?
- Next message: [Python-Dev] frozenset C API?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]