[gnutls-devel] GnuTLS | WIP: Compare DNs by comparing their string representations (!1223)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Mar 24 20:19:07 CET 2020
Nikos Mavrogiannopoulos started a new discussion on lib/x509/dn.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_310741486
> _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
> const gnutls_datum_t * dn2)
> {
> + int ret;
> + gnutls_datum_t str1, str2;
>
> - if (dn1->size != dn2->size) {
> + ret = gnutls_x509_rdn_get2(dn1, &str1, 0);
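Review bot: at `ret = gnutls_x509_rdn_get2(dn1, &str1, 0);` the quoted lines end before showing what is done with `ret`, so make sure a negative return is handled explicitly and never falls through to a comparison against an unset `str1`. `str1` and `str2` are output datums that the call allocates, so every exit path after a successful conversion has to free them, including the path where the second conversion fails after the first succeeded. Initialising both to `{NULL, 0}` at declaration would make a single cleanup path safe.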
I wonder if there can be cases where `gnutls_x509_rdn_get2` can fail (e.g., on some incorrect DER format, or a DN format we may not support). I think we should have the raw matching in addition to this, so certificates that today pass this matching continue to do so.