[gnutls-devel] GnuTLS | certtool generates subject DN in reverse order (#1243)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue May 18 17:27:55 CEST 2021



Daniel Kahn Gillmor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1243



over [on the IETF LAMPS mailing list](https://mailarchive.ietf.org/arch/msg/spasm/dDB3vVtC1K8SbA8KBGFKLoeXnRc/), David Cooper writes:

> I noticed that the attributes in the issuer and subject fields of the certificates are encoded in the reverse order of what one would expect.

In particular, the expectation is that the ASN.1 wire encoding lists the more general fields first.  So, for example, "O" (organizationalName) should come before "OU" (organizationalUnit, a subset of the organization), and "C" (country) should come before "ST" (state).

(note that the *visualization* of the DN is typically the reverse of the wire encoding; the work done to close #111 is correct, the problem is the wire encoding)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1243
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210518/57675d54/attachment.html>


More information about the Gnutls-devel mailing list