[Devel] TLS ...
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Feb 22 20:54:16 CET 2006
Daniel-Constantin Mierla wrote:
>> Please check if I got it right:
>> We can make a function ascii2str which copies the ascii string into a
>> static buffer (e.g. maxlen=255, I have to check if there are length
>> limits for certificate parameters).
>>
>> $cn retrieves the certificate subject from openssl as ASCII. It then
>> uses ascii2str to copy it into the static buffer.
>>
>> Would that mean also that in the following snippet all these tasks are
>> done 3 times (xlog+xlog+accounting)?
> It is up to the implementation. The pseudo-variables getting the time
> call time(NULL) only once per message, and likewise the TM module sets
> the global transaction variable once (it does not search for the
> transaction each time it is needed during script processing). So, you
> can do it each time, or once per script processing; it is a matter of
> internal design and the developer's choice. The recommendation is once
> per script processing.
If we want to have it once per script processing, we need a static
buffer for each parameter. Given the list of possible parameters (taken
from ser's tls module) this will add 46 static buffers. Is this
something we should do or should we choose another implementation?
regards
klaus
List of possible TLS parameters:
@tls String description of the TLS layer
@tls.version Protocol version being used
@tls.desc The same as @tls
@tls.cipher Cipher name being used
@tls.cipher.bits Number of bits used for encryption
@tls.peer Peer certificate subject common name
@tls.me Local certificate subject common name
@tls.peer.subject same as @tls.peer
@tls.peer.issuer Peer certificate issuer common name
@tls.peer.verified True if peer cert has been verified
@tls.peer.version Peer/local certificate version
@tls.peer.sn Peer/local certificate number
@tls.peer.not_before Certificate validity start
@tls.peer.not_after Certificate validity end
@tls.peer.email Email address from subj alternative name
@tls.peer.host DNS name from subj alternative name
@tls.peer.uri URI from subj alternative name
@tls.peer.ip IP address from subj alternative name
@tls.peer.subj.locality locality component
@tls.peer.subj.country subject country
@tls.peer.subj.state subject state
@tls.peer.subj.organization subject organization
@tls.peer.subj.unit subject organizational unit
@tls.peer.issuer.locality locality component
@tls.peer.issuer.country issuer country
@tls.peer.issuer.state issuer state
@tls.peer.issuer.organization issuer organization
@tls.peer.issuer.unit issuer organizational unit
@tls.my.version Peer/local certificate version
@tls.my.sn Peer/local certificate number
@tls.my.not_before Certificate validity start
@tls.my.not_after Certificate validity end
@tls.my.email Email address from subj alternative name
@tls.my.host DNS name from subj alternative name
@tls.my.uri URI from subj alternative name
@tls.my.ip IP address from subj alternative name
@tls.my.subj.locality locality component
@tls.my.subj.country subject country
@tls.my.subj.state subject state
@tls.my.subj.organization subject organization
@tls.my.subj.unit subject organizational unit
@tls.my.issuer.locality locality component
@tls.my.issuer.country issuer country
@tls.my.issuer.state issuer state
@tls.my.issuer.organization issuer organization
@tls.my.issuer.unit issuer organizational unit
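As an added illustration of the "once per script processing" design discussed above, not code from OpenSER or from ser's tls module, the following Go program (Go's standard crypto/x509 stands in for the OpenSSL calls the C module would make) keeps a per-message cache that is filled the first time any @tls.peer.* value is requested; three consumers such as xlog, xlog and acc then cost one certificate decode instead of three. The sipMessage type, the tlsValue accessor, the subset of @tls.peer.* names it serves, and the self-signed peer certificate with its constructed names and serial are all assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// sipMessage stands in for the per-message context the proxy hands to the config
// script: the peer certificate as delivered by the TLS layer, the trust store, and
// a cache filled the first time any @tls.peer.* value is requested (assumed layout).
type sipMessage struct {
	peerDER []byte
	roots   *x509.CertPool
	cache   map[string]string
	parses  int // how often the certificate was actually decoded
}

// tlsValue is the pseudo-variable accessor: decoding and field extraction
// happen at most once per message, so xlog+xlog+acc cost one parse, not three.
func (m *sipMessage) tlsValue(name string) (string, bool) {
	if m.cache == nil {
		cert, err := x509.ParseCertificate(m.peerDER)
		if err != nil {
			return "", false
		}
		m.parses++
		m.cache = extractPeerValues(cert, m.roots)
	}
	v, ok := m.cache[name]
	return v, ok
}

// extractPeerValues maps certificate fields onto a subset of the @tls.peer.*
// names listed above. Multi-valued fields are joined with ","; "verified" is
// evaluated against the trust store right here, so it is cached as well.
func extractPeerValues(cert *x509.Certificate, roots *x509.CertPool) map[string]string {
	_, verr := cert.Verify(x509.VerifyOptions{Roots: roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return map[string]string{
		"@tls.peer":                   cert.Subject.CommonName,
		"@tls.peer.issuer":            cert.Issuer.CommonName,
		"@tls.peer.verified":          fmt.Sprint(verr == nil),
		"@tls.peer.sn":                cert.SerialNumber.String(),
		"@tls.peer.not_after":         cert.NotAfter.UTC().Format(time.RFC3339),
		"@tls.peer.email":             strings.Join(cert.EmailAddresses, ","),
		"@tls.peer.host":              strings.Join(cert.DNSNames, ","),
		"@tls.peer.subj.country":      strings.Join(cert.Subject.Country, ","),
		"@tls.peer.subj.organization": strings.Join(cert.Subject.Organization, ","),
		"@tls.peer.subj.unit":         strings.Join(cert.Subject.OrganizationalUnit, ","),
	}
}

// testPeerCert builds a constructed, self-signed peer certificate plus a trust
// store containing it; names and serial are made up for this example.
func testPeerCert() ([]byte, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4711),
		Subject: pkix.Name{CommonName: "alice.example.org", Country: []string{"AT"},
			Organization: []string{"Example SIP"}, OrganizationalUnit: []string{"VoIP"}},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature,
		DNSNames:       []string{"alice.example.org"},
		EmailAddresses: []string{"alice@example.org"},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	return der, roots
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// main handles one message the way the snippet in the thread does: xlog,
// xlog and acc each read a peer value, yet the certificate is decoded once.
func main() {
	der, roots := testPeerCert()
	m := &sipMessage{peerDER: der, roots: roots}
	for _, name := range []string{"@tls.peer", "@tls.peer.issuer", "@tls.peer.verified"} {
		v, _ := m.tlsValue(name)
		fmt.Println(name, "=", v)
	}
	fmt.Println("certificate decoded", m.parses, "time(s)")
}
```

The cache lives in the message context rather than in 46 module-global static buffers, so it is discarded with the message and cannot leak one peer's values into the processing of the next; a decode failure leaves the cache empty and the accessor reports "not available" instead of returning stale data.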