[gnutls-devel] GnuTLS | WIP: Compare DNs by comparing their string representations (!1223)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Mar 27 09:17:25 CET 2020

Nikos Mavrogiannopoulos commented on a discussion on lib/x509/dn.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_312523457

>  _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
>  			    const gnutls_datum_t * dn2)
>  {
> +	int ret;
> +	gnutls_datum_t str1, str2;
> +

Something like:
RFC5280 (https://tools.ietf.org/html/rfc5280#section-7.1) requires that the LDAP StringPrep profile and caseIgnoreMatch must be used for this comparison. We do not use that but instead we do a simpler comparison that ignores the tags used such as `UTF8String` and `PrintableString`.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_312523457
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200327/494c55d1/attachment.html>

More information about the Gnutls-devel mailing list