[gnutls-devel] GnuTLS | Valid cert fails to verify due to different DN encodings (#553)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Mar 24 14:19:05 CET 2020

Pierre Ossman (Work account) commented:

We've gotten a user request for this as well, where the case is simply differing types.

> A simple but inefficient solution to address the tag issue, is for `_gnutls_x509_compare_raw_dn` comparison is to compare the textual form of the DNs (output of `gnutls_x509_rdn_get2`) for the DNs given using memcmp.

As far as I can tell this is what OpenSSL does as well. However it maintains a cache of the output to speed things up. See `x509_name_canon()` in `x_name.c`.

I have not dug out if they also suffer from issues accessing PKCS#11 stuff (or the system store).

Any more insights gathered around this?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/553#note_310438059
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200324/87228b8c/attachment-0001.html>

More information about the Gnutls-devel mailing list