[gnutls-devel] GnuTLS | Valid cert fails to verify due to different DN encodings (#553)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Mar 24 14:19:05 CET 2020
Pierre Ossman (Work account) commented:
We've gotten a user request for this as well, where the case is simply differing types.
> A simple but inefficient solution to address the tag issue, is for `_gnutls_x509_compare_raw_dn` comparison is to compare the textual form of the DNs (output of `gnutls_x509_rdn_get2`) for the DNs given using memcmp.
As far as I can tell this is what OpenSSL does as well. However it maintains a cache of the output to speed things up. See `x509_name_canon()` in `x_name.c`.
I have not dug out if they also suffer from issues accessing PKCS#11 stuff (or the system store).
Any more insights gathered around this?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/553#note_310438059
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200324/87228b8c/attachment-0001.html>
More information about the Gnutls-devel
mailing list