[gnutls-devel] GnuTLS | Missing Subject Alternative Name Type - registeredID (#905)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Jan 14 18:47:39 CET 2020

Andreas Metzler commented:

You diagnosis looks correct. 
I have downloaded the two pems in the report, cat-ed them together and ran
`certtool --verify-chain --verify-hostname=node.acme.com --infile=/tmp/chain.pem`
with all 3.5 and 3.6 uploads to Debian.
* 3.5.0-1 to 3.5.9-1 work,
*  3.5.10-1 to 3.5.19-1 and 3.6.0-1 up to an including 3.6.8-2 produce "Unknown Subject Alternative name in X.509 certificate.",
* 3.6.9-1 and later are fine.

So this is a regression in 3.5.10 that was fixed in 3.6.9 (Or in Debian releases a regression from stretch/9 to buster/10.)

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/905#note_271409121
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200114/e86abba0/attachment.html>

More information about the Gnutls-devel mailing list