using heimdal x509 functions for certificate handling rather than gnutls

Matthieu Patou mat at
Tue Aug 10 02:44:11 MDT 2010

  Hi Love and Andrew,

On 10/08/2010 11:02, Love Hörnquist Åstrand wrote:
> Don't let me stop you from committing fixes and extensions, it might go faster to get them integrated in
> mainstream Heimdal if we discuss the changes first though.
> That said, I prefer working code instead of no code.
OK, I have some patches in my repo; I'll push them to my public repo in the

It's the last 5 patches, you'll see some stuff that we already talked 
about (utf-16 strings, hx509_err and makeproto ...).

For the moment it's raw patches that make the hiemdalcrt demo 
program work.
This program tests the following stuff that I'll need to implement the 
backupkey remote protocol:

* generation of a certificate with a subject unique Id and its private key
* querying a cert for its info and among them the subject unique id
* converting a DER certificate to a heimdal cert object
* exporting a heimdal cert object to a DER byte string

I'll need one thing: create a private key with just the raw information 
(exponent, modulus, prime 1, prime 2, exponent 1, exponent 2, 
coefficient, private exponent) as it's provided and stored by Microsoft 
in the Active Directory.

> Sent from my iPhone
> On 9 Aug 2010 at 19:01, Andrew Bartlett<abartlet at> wrote:
>> It seems quite reasonable to use Heimdal here, if Love is happy to have
>> it extended in the way you need.  We already use hx509 for the PKINIT
>> anyway.

Matthieu Patou
Samba Team
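
The raw-component private key requested in the message above, as an added example that is not part of the original post and is not Heimdal or Samba code: it checks that the eight RSA fields fit together and packs them into a PKCS#1 RSAPrivateKey DER blob. It assumes the fields have already been parsed into integers and does not test primality; the function names and the small sample key are constructed for illustration.

```python
from math import gcd

def der_len(n):
    """DER definite length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(v):
    """DER INTEGER for v >= 0; the extra byte keeps the sign bit clear."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def check_components(n, e, d, p, q, dp, dq, qinv):
    """Return the inconsistencies found between the raw fields (empty if none)."""
    if min(n, e, d, p, q, dp, dq, qinv) < 1 or p < 3 or q < 3:
        return ["field out of range"]
    problems = []
    if p * q != n:
        problems.append("modulus != prime1 * prime2")
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if (e * d) % lam != 1:
        problems.append("private exponent does not invert public exponent")
    if (e * dp) % (p - 1) != 1:
        problems.append("exponent1 inconsistent with prime1")
    if (e * dq) % (q - 1) != 1:
        problems.append("exponent2 inconsistent with prime2")
    if qinv >= p or (qinv * q) % p != 1:
        problems.append("coefficient is not prime2^-1 mod prime1")
    return problems

def rsa_private_key_der(n, e, d, p, q, dp, dq, qinv):
    """Encode PKCS#1 RSAPrivateKey; refuse fields that do not fit together."""
    problems = check_components(n, e, d, p, q, dp, dq, qinv)
    if problems:
        raise ValueError("; ".join(problems))
    # RSAPrivateKey ::= SEQUENCE { version 0, n, e, d, p, q, dP, dQ, qInv }
    body = b"".join(der_int(v) for v in (0, n, e, d, p, q, dp, dq, qinv))
    return b"\x30" + der_len(len(body)) + body

# Constructed toy key (p=61, q=53), far too small for real use.
TOY = dict(n=3233, e=17, d=2753, p=61, q=53, dp=53, dq=49, qinv=38)

if __name__ == "__main__":
    print(rsa_private_key_der(**TOY).hex())
```

Rejecting inconsistent fields before encoding matters because CRT-based RSA implementations use prime1, prime2, exponent1, exponent2 and coefficient directly when signing or decrypting.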
