[Interest] [gnutls-help] ANNOUNCE: Qt Certificate Addon

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Dec 19 17:49:06 CET 2012


On Sun, Dec 16, 2012 at 10:18 PM, Richard Moore <rich at kde.org> wrote:

> What is it?
> ===========
> Qt Certificate Addon is a framework for creating X.509 certificates using
> Qt. Unlike the read-only support for certificates that's included in the SSL
> module this API allows new certificates, keys and signing requests to be
> created.

Hello Richard,
 The API looks reasonable. I don't know where this is intended to be
used, but it may be useful to have some examples of common usage in
the documentation (e.g. how to generate a certificate for a web
server).

I'd also miss key generation on smart card, but this may not be a
popular use-case for a first release. As I see the API it can easily
accommodate that in the future.

>   * Key usage
>   * Extended key usage

These two proved to be hard to use in the internet. On a survey of
certificates in web servers those values seem to be randomly selected
based on each admin's understanding of the meaning of the values.

> The code is capable of creating certificates, keys and signing requests with
> support for the most common types of certificate extension. The documentation
> is at a reasonable level, there are examples and a moderate level of unit
> tests. I've only tested the code on Linux, but apart from the RandomGenerator
> class it should work fine on all platforms.

Why not use gnutls' gnutls_rnd()?

regards,
Nikos



More information about the Interest mailing list