[gnutls-devel] GnuTLS | WIP: Compare DNs by comparing their string representations (!1223)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Mar 24 20:19:07 CET 2020

Nikos Mavrogiannopoulos started a new discussion on lib/x509/dn.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_310741486

>  _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
>  			    const gnutls_datum_t * dn2)
>  {
> +	int ret;
> +	gnutls_datum_t str1, str2;
> -	if (dn1->size != dn2->size) {
> +	ret = gnutls_x509_rdn_get2(dn1, &str1, 0);

I wonder if there can be cases where `gnutls_x509_rdn_get2` can fail (e.g., on some incorrect DER format, or a DN format we may not support). I think we should have the raw matching in addition to this, so certificates that today passes this matching, continues to do so.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_310741486
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200324/25168c0a/attachment-0001.html>

More information about the Gnutls-devel mailing list