UnrecognizedExtension: APIs for (basic) DER unpacking
#9283
Comments
|
We’ve had some past discussions about exposing the imperative DER API for consumers. I’m generally positive on that effort (as it’d remove another reason to use pyopenssl and/or pyasn1). I think that hypothetical API would cover this reasonably well too? |
Yep, I think it would! |
|
There'll be a substantial design effort involved in figuring out a public DER API, but it can be done. |
|
just leaving OtherName here as search keyword |
|
@woodruffw are you still interested in this? 😄 |
I am, but it's pretty far down on the priority set at the moment (I still need it for |
Opening to gather interest/appetite before I send a patch.
Background
Sigstore generates and uses X.509v3 certificates that contain custom extensions; these custom extensions contain values that are (generally) encoded as
UTF8Strings. It would be nice to be able to consume these extension values directly via Cryptography's APIs, without having to usepyasn1or another dependency to unpeel the DER encoding on the extension values.Status quo
At the moment,
UnrecognizedExtensionprovidesvalueas a raw view into the (usually) DER-encoded extension value.Proposal
Add some APIs for common (primitive) extension value retrievals:
UTF8Stringis the main one I'm personally interested in, but there are probably a few others that would be generally useful (UTCTime,GeneralizedTime,IA5String, etc.).My first thought was to have these as
value_as_XAPIs, e.g.:...but that's pretty ugly.
Alternatives considered
rust-asn1. I'll probably do this if neither of the above ideas is appealing to you.The text was updated successfully, but these errors were encountered: