using heimdal x509 functions for certificate handling rather than gnutls

Matthieu Patou mat at samba.org
Tue Aug 10 02:44:11 MDT 2010


  Hi Love and Andrew,

On 10/08/2010 11:02, Love Hörnquist Åstrand wrote:
> Don't let me stop you from committing fixes and extensions, it might go faster to get them integrated in
> Mainstream Heimdal if we discuss the changes first though.
>
> That said, I prefer working code instead of no code.
>
OK, I have some patches in my repo; I'll push them to my public repo in the
backupkey_heimdal
(http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/backupkey_heimdal)

It's the last 5 patches, you'll see some stuff that we already talked 
about (utf-16 strings, hx509_err and makeproto ...).

For the moment it's raw patches that make the hiemdalcrt demo
program work.
This program tests the following stuff that I'll need to implement the 
backupkey remote protocol:

* generation of a certificate with a subject unique Id and its private key
* querying a cert for its info and among them the subject unique id
* converting a DER certificate to a Heimdal cert object
* exporting a heimdal cert object to a DER byte string

I'll need one thing: create a private key with just the raw information
(exponent, modulus, prime 1, prime 2, exponent 1, exponent 2,
coefficient, private exponent) as it's provided and stored by Microsoft
in the Active Directory.

Matthieu.
> Sent from my iPhone
>
> On 9 Aug 2010 at 19:01, Andrew Bartlett <abartlet at samba.org> wrote:
>
>> It seems quite reasonable to use Heimdal here, if Love is happy to have
>> it extended in the way you need.  We already use hx509 for the PKINIT
>> anyway.


-- 
Matthieu Patou
Samba Team        http://samba.org
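
Added example, not part of the original message and not Heimdal or Samba code: one way to handle the eight raw RSA values listed above is to check them against each other and wrap them in the standard PKCS#1 RSAPrivateKey DER structure. The function names and the toy key are constructed for illustration, and the values are assumed to be already parsed into integers (the storage layout used in Active Directory is not covered).

```python
# Added example: helper names and the toy key are constructed for illustration.

def der_len(length):
    """DER length octets: short form below 128, long form otherwise."""
    if length < 0x80:
        return bytes([length])
    raw = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def der_int(value):
    """DER INTEGER for a non-negative value (extra 0x00 keeps the sign bit clear)."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def check_rsa_components(n, e, d, p, q, dp, dq, qinv):
    """Return the list of inconsistencies between the raw values (empty if none)."""
    if min(p, q) < 3:
        return ["primes too small"]
    problems = []
    if p * q != n:
        problems.append("modulus != prime1 * prime2")
    if (e * d) % (p - 1) != 1 or (e * d) % (q - 1) != 1:
        problems.append("private exponent does not invert public exponent")
    if dp != d % (p - 1):
        problems.append("exponent1 != d mod (prime1 - 1)")
    if dq != d % (q - 1):
        problems.append("exponent2 != d mod (prime2 - 1)")
    if (qinv * q) % p != 1:
        problems.append("coefficient != inverse of prime2 mod prime1")
    return problems

def rsa_private_key_der(n, e, d, p, q, dp, dq, qinv):
    """Encode PKCS#1 RSAPrivateKey: SEQUENCE of version 0 and the eight values."""
    problems = check_rsa_components(n, e, d, p, q, dp, dq, qinv)
    if problems:
        raise ValueError("; ".join(problems))
    body = b"".join(der_int(v) for v in (0, n, e, d, p, q, dp, dq, qinv))
    return b"\x30" + der_len(len(body)) + body

# Constructed toy key (far too small for real use), for demonstration only.
TOY_KEY = dict(n=3233, e=17, d=2753, p=61, q=53, dp=53, dq=49, qinv=38)

if __name__ == "__main__":
    print(rsa_private_key_der(**TOY_KEY).hex())
```

Running the consistency check before encoding catches swapped primes or a mismatched coefficient, which would otherwise produce a key that loads but fails when the CRT values are used.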


