pkcs1-pad self-check fails?

Simon Josefsson simon at
Tue Mar 16 15:57:06 CET 2010

Nikos Mavrogiannopoulos <nmav at> writes:

> No I don't. I never had. Maybe we should make this test fail when
> datefudge is not detected?
> Otherwise we might miss it in the future (as I missed it now). However
> this error looks like a
> PKCS padding issue? Don't remember changing anything related lately.
> Anyway I'll try to check it soon.

Thanks.  I think the problem is that the PKIX chain used to be rejected
(in 2.8.x) because the signature validation fails, but now the entire
chain is accepted.  Presumably the particular signature is no longer
validated.  That could be wrong, or there is a problem in that self


More information about the Gnutls-devel mailing list