pkcs1-pad self-check fails?

Simon Josefsson simon at josefsson.org
Tue Mar 16 15:57:06 CET 2010


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> No I don't. I never had. Maybe we should make this test fail when
> datefudge is not detected?
> Otherwise we might miss it in the future (as I missed it now). However
> this error looks like a
> PKCS padding issue? Don't remember changing anything related lately.
> Anyway I'll try to check it soon.

Thanks.  I think the problem is that the PKIX chain used to be rejected
(in 2.8.x) because the signature validation fails, but now the entire
chain is accepted.  Presumably the particular signature is no longer
validated.  That could be wrong, or there is a problem in that self
test.

/Simon





More information about the Gnutls-devel mailing list