| Subject: | Needs ability to process extension values |
This is almost useful! But there's a catch. Most of the interesting
data has moved into extensions, but we can't access the data in
extensions with this module. (I know, there's a FIXME note; this
report is asking for some work on it...)
Please provide a method to either automagically, or even maually, get
at the objects in an extension. Perhaps we could supply a hash of OID -
Show quoted text
> format?
Motivation:
Let's say I read a certificate. I can get the extensions, and lo and
behold, there's a subjectAltName extension. I want to work with each
of the X509::Name objects inside - for example, to list all the hosts
that the certificate is valid for.
I can get the whole value with $x->extensions_by_name->{subjectAltName}-
Show quoted text>value. But that value is, as the FIXME in the doc hints, a complex
value - a list of X509::Names. The module knows about this object
type, but I can't access them...
Here is one certificate's list of extensions (just obtained from a
commercial supplier).
2.5.29.18: X509v3 Issuer Alternative Name |
2.5.29.19: X509v3 Basic Constraints |
2.5.29.17: X509v3 Subject Alternative Name |
2.5.29.15: X509v3 Key Usage |
2.5.29.35: X509v3 Authority Key Identifier |
1.3.6.1.5.5.7.1.1: Authority Information Access |
2.5.29.32: X509v3 Certificate Policies |
2.5.29.37: X509v3 Extended Key Usage |
2.5.29.31: X509v3 CRL Distribution Points |
2.5.29.14: X509v3 Subject Key Identifier |