Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Export mbedtls_x509_buf and mbedtls_x509_name utils #4637

Open n4ss opened 3 years ago

n4ss commented 3 years ago

Suggested enhancement

Export utility functions in library/x509_crt.c for customer use.

Justification

Our use-case requires us to do some custom parsing of mbedtls_x509_buf / mbedtls_x509_name to validate formats, with branching based on various conditions. Most of the basic blocks are available for that in library/x509_crt.c, but unfortunately all of them are static and are expected to be used in a different way when using mbedtls_x509_crt_verify (e.g. strict equality on the subject CN, etc.).
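As an added illustration of the custom-validation use case described above (example code written for this page, not code from the Mbed TLS project or from the issue author): the subject can be walked through the public fields of mbedtls_x509_name (oid, val, next), which is how mbedtls_x509_crt_parse() exposes it as crt.subject, without needing the static helpers in library/x509_crt.c. The two struct definitions below are local mirrors assumed to match the library's mbedtls_x509_buf / mbedtls_x509_name typedefs so the file builds without the library; the policy (one CN with a fixed domain suffix, an O from an allowlist, string-tag and embedded-NUL checks) is invented for the example, and the sample subjects are hand-built rather than parsed from any real certificate.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local mirrors of the public Mbed TLS types mbedtls_x509_buf (= mbedtls_asn1_buf)
 * and mbedtls_x509_name (= mbedtls_asn1_named_data), declared here so the file
 * builds without the library. Assumption: same field layout as in the library. */
typedef struct { int tag; size_t len; unsigned char *p; } x509_buf;
typedef struct x509_name {
    x509_buf oid;
    x509_buf val;
    struct x509_name *next;
    unsigned char next_merged;
} x509_name;

/* DER-encoded OID bodies: id-at-commonName (2.5.4.3), id-at-organizationName (2.5.4.10) */
static const unsigned char OID_AT_CN[]  = { 0x55, 0x04, 0x03 };
static const unsigned char OID_AT_ORG[] = { 0x55, 0x04, 0x0A };
#define TAG_UTF8_STRING      0x0C
#define TAG_PRINTABLE_STRING 0x13

enum {
    NAME_OK = 0,
    NAME_ERR_CN_COUNT  = -1,  /* not exactly one CN */
    NAME_ERR_CN_SUFFIX = -2,  /* CN outside the expected domain */
    NAME_ERR_ORG       = -3,  /* O missing or not in the allowlist */
    NAME_ERR_NUL       = -4,  /* embedded NUL in an attribute value */
    NAME_ERR_TAG       = -5   /* CN not UTF8String/PrintableString */
};

static int oid_is(const x509_buf *oid, const unsigned char *ref, size_t ref_len) {
    return oid->len == ref_len && memcmp(oid->p, ref, ref_len) == 0;
}

static int has_suffix(const x509_buf *v, const char *suffix) {
    size_t n = strlen(suffix);
    return v->len >= n && memcmp(v->p + (v->len - n), suffix, n) == 0;
}

static int in_allowlist(const x509_buf *v, const char *const *allow, size_t count) {
    for (size_t i = 0; i < count; i++)
        if (v->len == strlen(allow[i]) && memcmp(v->p, allow[i], v->len) == 0)
            return 1;
    return 0;
}

/* Example policy (invented for this illustration): exactly one CN ending in
 * ".example.com", an O from an allowlist, sane string tags and no embedded NULs.
 * Walks the RDN list using only the public struct fields. */
int check_subject_name(const x509_name *subject) {
    static const char *const allowed_orgs[] = { "Example Corp", "Example Labs" };
    int cn_count = 0, org_ok = 0;
    for (const x509_name *cur = subject; cur != NULL; cur = cur->next) {
        /* a NUL inside a DER string is never legitimate and defeats C-string comparisons */
        if (cur->val.len > 0 && memchr(cur->val.p, 0, cur->val.len) != NULL)
            return NAME_ERR_NUL;
        if (oid_is(&cur->oid, OID_AT_CN, sizeof OID_AT_CN)) {
            if (cur->val.tag != TAG_UTF8_STRING && cur->val.tag != TAG_PRINTABLE_STRING)
                return NAME_ERR_TAG;
            cn_count++;
            if (!has_suffix(&cur->val, ".example.com")) return NAME_ERR_CN_SUFFIX;
        } else if (oid_is(&cur->oid, OID_AT_ORG, sizeof OID_AT_ORG)) {
            if (in_allowlist(&cur->val, allowed_orgs, 2)) org_ok = 1;
        } /* other attributes (C, OU, ...) are not constrained by this policy */
    }
    if (cn_count != 1) return NAME_ERR_CN_COUNT;
    if (!org_ok) return NAME_ERR_ORG;
    return NAME_OK;
}

/* --- constructed sample subjects (hand-built lists, not parsed from real certificates) --- */
#define LIT(s) (s), (sizeof(s) - 1)   /* literal plus explicit length, so an embedded NUL survives */

static void set_entry(x509_name *e, const unsigned char *oid, size_t oid_len, int tag,
                      const char *val, size_t val_len, x509_name *next) {
    e->oid.tag = 0x06; e->oid.len = oid_len; e->oid.p = (unsigned char *)oid;  /* 0x06 = OBJECT IDENTIFIER */
    e->val.tag = tag;  e->val.len = val_len; e->val.p = (unsigned char *)val;
    e->next = next; e->next_merged = 0;
}

int check_sample_subject(int which) {
    x509_name e[3];
    set_entry(&e[0], OID_AT_ORG, sizeof OID_AT_ORG, TAG_PRINTABLE_STRING, LIT("Example Corp"), &e[1]);
    switch (which) {
    case 0: set_entry(&e[1], OID_AT_CN, sizeof OID_AT_CN, TAG_UTF8_STRING, LIT("api.example.com"), NULL); break;
    case 1: set_entry(&e[1], OID_AT_CN, sizeof OID_AT_CN, TAG_UTF8_STRING, LIT("api.example.com"), &e[2]);
            set_entry(&e[2], OID_AT_CN, sizeof OID_AT_CN, TAG_UTF8_STRING, LIT("other.example.com"), NULL); break;
    case 2: set_entry(&e[0], OID_AT_ORG, sizeof OID_AT_ORG, TAG_PRINTABLE_STRING, LIT("Evil Inc"), &e[1]);
            set_entry(&e[1], OID_AT_CN, sizeof OID_AT_CN, TAG_UTF8_STRING, LIT("api.example.com"), NULL); break;
    case 3: set_entry(&e[1], OID_AT_CN, sizeof OID_AT_CN, TAG_UTF8_STRING, LIT("www.example.com\0.attacker.net"), NULL); break;
    case 4: set_entry(&e[1], OID_AT_CN, sizeof OID_AT_CN, TAG_UTF8_STRING, LIT("api.evil.com"), NULL); break;
    case 5: set_entry(&e[1], OID_AT_CN, sizeof OID_AT_CN, 0x1E /* BMPString */, LIT("api.example.com"), NULL); break;
    default: return -100;  /* unknown sample */
    }
    return check_subject_name(&e[0]);
}

int main(void) {
    for (int i = 0; i <= 5; i++)
        printf("sample %d -> %d\n", i, check_sample_subject(i));
    return 0;
}
```

With the real library, the same check_subject_name() would be handed &crt.subject after a successful mbedtls_x509_crt_parse(); the walker never dereferences past val.len, so it stays within the DER the parser already bounds-checked. The strict-equality behaviour the issue mentions is exactly what this kind of caller-side policy replaces: which branch rejects a name is decided by the caller, not by the library.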

mpg commented 3 years ago

Hi @n4ss and thanks for the suggestion. Could you clarify what functions exactly you'd like exported?

This suggestion goes a bit against the direction we've taken recently (especially with the upcoming 3.0 release) of trying to minimize the surface of the API, for various reasons: mainly to preserve our ability to make internal changes in the future, and because it's easier to make the API hard to misuse (and to test it) when it's small and clean.

So I'm not certain this is something we'll want to do, but perhaps if you clarify by naming specific functions you'd like to be exported and why you need them, we can discuss it.