[gnutls-devel] GnuTLS | Name Constraints applied to intermediate CA CN because CA certificate does not have Extended key usage ( (#776)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jul 18 04:06:31 CEST 2019

Luiz Angelo Daros de Luca commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/776#note_193055184

Yes, that is the one issue.

Second, I'm not sure if the verify_crt() assumptions if one use it validating an CA certificate, not a server one. Is it meant to be used for that too?

And also, as you mentioned, gnutls missing directory validation. Adding that will require some change in the verify_crt() function logic. Does this more a feature request than a bug.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/776#note_193055184
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190718/7e8e66f9/attachment.html>

More information about the Gnutls-devel mailing list