[xmlsec] core methods for write of <X509SubjectName/> and <X509IssuerSerial/>

Roumen Petrov xmlsec at roumenpetrov.info
Thu Jul 17 04:18:41 PDT 2003 

Hi community,

I would like to see in future version support for <X509SubjectName/> and 
<X509IssuerSerial/> in <X509Data/> tag.

To do this I have a limited(only for OpenSSL) patch - see attached file 
x509-sn_or_is.patch.gz

Most important change are new methods:
+static xmlChar*        xmlSecOpenSSLX509NameWrite        (X509_NAME* nm);
+static xmlChar*        xmlSecOpenSSLX509CertSubjectNameWrite    (X509* 
cert);
+static xmlChar*        xmlSecOpenSSLX509CertIssuerNameWrite    (X509* 
cert);
+static xmlChar*        xmlSecOpenSSLASN1IntegerWrite        
(ASN1_INTEGER *_asni);
+static xmlChar*        xmlSecOpenSSLX509CertSerialNumberWrite    (X509* 
cert);

Open issue is:
- which format (<X509Certificate/>, <X509SubjectName/> or 
<X509IssuerSerial/>) to use method xmlSecOpenSSLKeyDataX509XmlWrite(...).
Current patch contain a static variable x509data_type which determine 
format. May be a new flag/options in context is solution, but we should 
take note for binary compatibility with previous versions and I don't 
have idea how to implement this.


In additional to changes in openssl/x509.c, patch contain changes in 
script ./tests/testDSig.sh. When xmlsec application support 
<X509SubjectName/> or <X509IssuerSerial/> we should specify additional 
certificates to verify signature of  merlin-xmldsig-twenty-three tests: 
signature-x509-sn and signature-x509-is.


Second attached file "x509.c-ignore_white_space.diff.gz" is only for 
information, because part of changes in method 
xmlSecOpenSSLKeyDataX509XmlWrite(...) is to add a <TAB> symbol before 
some lines and x509.c diff from "x509-sn_or_is.patch.gz" looks ugly.


Best regards
Roumen Petrov

-------------- next part --------------
A non-text attachment was scrubbed...
Name: x509-sn_or_is.patch.gz
Type: application/gzip
Size: 2014 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20030717/7829ec19/x509-sn_or_is.patch.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: x509.c-ignore_white_space.diff.gz
Type: application/gzip
Size: 1627 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20030717/7829ec19/x509.c-ignore_white_space.diff.bin

More information about the xmlsec mailing list