[libksba] Libksba behaviour wrt. certificates with no extensions

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Fri Jan 10 23:53:02 CET 2014


I'm debugging libksba behaviour wrt. a very lame certificate -
it's a self signed certificate with no extensions defined used
to sign/encrypt S/MIME messages. I'm attaching a certificate
to the e-mail (it comes from an example at RFC 4491).

The problem is that when asked for ksba_cert_is_ca() ->
ksba_get_extension() -> read_extension() it (if I debugged
it right) finds a dummy extension node, sets cert->cache.n_extns
to 1 then fails the OID check and returns GPG_ERR_NO_VALUE.

>From my understanding _ksba_asn_find_node should have returned
NULL, as there are no extensions in the certificate.

Is it a bug? Is it a misfuture?

With best wishes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140111/0d7c1722/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 34.10-01.der
Type: application/x-x509-ca-cert
Size: 468 bytes
Desc: not available
URL: </pipermail/attachments/20140111/0d7c1722/attachment.crt>

More information about the Gcrypt-devel mailing list