[gnutls-devel] GnuTLS | Problematic CSR (self-signature verification fails) (#1287)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Nov 9 13:26:56 CET 2021
Adriano Santoni commented:
It doesn't seem to me particularly useful to know how it was generated, however it was generated with the PKI.js library.
I have generated another one (attached here), this time also keeping the private key (also attached); with this latter, it is easy to see that the signature on the CSR is cryptographically correct but was computed over the certRequestInfo element "AS IS" (i.e. as found in the CSR), ignoring that the Subject within is not DER-encoded.
[problem-csr-20211109.key](/uploads/4d7949f050d34ca7bdd9a97901fc9939/problem-csr-20211109.key)
[problem-csr-20211109.req](/uploads/d8ce5abd0fe173a6ea68c9047324e84a/problem-csr-20211109.req)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1287#note_727888366
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211109/0f5dd7c1/attachment.html>
More information about the Gnutls-devel
mailing list