[gnutls-devel] GnuTLS | Valid cert fails to verify due to different DN encodings (#553)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Sep 20 10:28:43 CEST 2018


A simple but inefficient solution to address the tag issue is for the `_gnutls_x509_compare_raw_dn` comparison to compare the textual form of the DNs (output of `gnutls_x509_rdn_get2`) for the DNs given using memcmp. That would not address the issue for `gnutls_pkcs11_get_raw_issuer_by_dn`, which if I remember well is the same issue that NSS has. That is, we will not be able to retrieve certificates with differing DNs from the system (or any pkcs11) trust store. @caldwell, if you could create some test case using `certtool -e`, I could experiment with a patch to address it, though I can make no commitments.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/553#note_102999245
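
The tag issue discussed in the message above, as an added example that is not part of the original email and is not GnuTLS code: two encodings of the same DN differ only in the string tag of the value, so a byte-wise memcmp of the raw DER reports a mismatch while a comparison of the decoded content matches. The helper names `tlv` and `dn_equal` are hypothetical, the DNs are constructed samples, and the walker assumes short-form lengths, treats only PrintableString and UTF8String as interchangeable, and does no case or whitespace normalization.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples: the DN "CN=Test CA" (or "CN=Test CB"), where the value
 * is tagged 0x13 (PrintableString) or 0x0c (UTF8String). */
#define DN(tag, last) { 0x30,0x12, 0x31,0x10, 0x30,0x0e, 0x06,0x03,0x55,0x04,0x03, \
                        tag,0x07, 'T','e','s','t',' ','C',last }
static const unsigned char dn_printable[] = DN(0x13, 'A');
static const unsigned char dn_utf8[]      = DN(0x0c, 'A');
static const unsigned char dn_other[]     = DN(0x0c, 'B');

/* Read one TLV; short-form lengths only (< 128), enough for the samples. */
static int tlv(const unsigned char **p, const unsigned char *end,
               unsigned char *tag, const unsigned char **val, size_t *len)
{
    if (end - *p < 2 || ((*p)[1] & 0x80)) return -1;
    *tag = (*p)[0]; *len = (*p)[1]; *val = *p + 2;
    if ((size_t)(end - *val) < *len) return -1;
    *p = *val + *len;
    return 0;
}

/* PrintableString is an ASCII subset, so its bytes equal the UTF-8 bytes. */
static int is_str(unsigned char t) { return t == 0x0c || t == 0x13; }

/* Structural comparison: 1 equal, 0 different, -1 malformed. */
int dn_equal(const unsigned char *a, size_t al, const unsigned char *b, size_t bl)
{
    const unsigned char *ea = a + al, *eb = b + bl, *va, *vb;
    unsigned char ta, tb; size_t la, lb;
    while (a < ea && b < eb) {
        if (tlv(&a, ea, &ta, &va, &la) || tlv(&b, eb, &tb, &vb, &lb)) return -1;
        if (ta != tb && !(is_str(ta) && is_str(tb))) return 0;
        if (ta & 0x20) {                       /* SEQUENCE or SET: descend */
            int r = dn_equal(va, la, vb, lb);
            if (r != 1) return r;
        } else if (la != lb || memcmp(va, vb, la) != 0) return 0;
    }
    return a == ea && b == eb;
}

int main(void)
{
    size_t n = sizeof dn_printable;            /* all three samples are 20 bytes */
    printf("raw=%d structural=%d other=%d\n", memcmp(dn_printable, dn_utf8, n) == 0,
           dn_equal(dn_printable, n, dn_utf8, n), dn_equal(dn_printable, n, dn_other, n));
    return 0;
}
```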