[gnutls-devel] GnuTLS | `certtool` permits creation of certificates with "negative" serial numbers (#1237)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue May 24 19:12:54 CEST 2022
Daniel Kahn Gillmor commented:
Sorry, this does still seem to be an issue. @ZoltanFridrich's example is not an example of the stated problem: the fact that zero is out of bounds doesn't have anything to do with the fact that some bitstring serial numbers might have the high bit set.
For example, if I offer the example hex string (`0xabcd`) as the serial number, the [produced certificate](/uploads/1eef43ae81491ccbfb7a941a1a6c5aac/x.crt.txt) has the high bit set in the serial number. `dumpasn1` even complains about it:
```
13 2: INTEGER 43981
: Error: Integer is encoded as a negative value.
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1237#note_958565139
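
The encoding issue described in the message above, as an added example that is not part of the original message and is not GnuTLS code: a DER INTEGER is two's complement, so a serial such as `0xabcd` needs a leading `0x00` octet to stay positive. The function names `der_encode_serial` and `der_serial_sign` are hypothetical, and the sample bytes are constructed from the `0xabcd` value in the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Encode a big-endian unsigned serial as a DER INTEGER TLV.
 * Short-form lengths only (content <= 127 octets), which covers the
 * 20-octet serial limit of RFC 5280. Returns TLV length, 0 on error. */
size_t der_encode_serial(const unsigned char *serial, size_t n,
                         unsigned char *out, size_t cap)
{
    /* Drop redundant leading zero octets so the encoding is minimal. */
    while (n > 1 && serial[0] == 0x00) { serial++; n--; }
    if (n == 0) return 0;
    /* High bit set would read as negative in two's complement:
     * prepend a single 0x00 octet to keep the value positive. */
    size_t pad = (serial[0] & 0x80) ? 1 : 0;
    size_t len = n + pad;
    if (len > 127 || cap < len + 2) return 0;
    out[0] = 0x02;                      /* INTEGER tag */
    out[1] = (unsigned char)len;
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, serial, n);
    return len + 2;
}

/* Classify a DER INTEGER TLV: 1 = positive, 0 = zero, -1 = negative,
 * -2 = malformed or non-minimal encoding. */
int der_serial_sign(const unsigned char *tlv, size_t n)
{
    if (n < 3 || tlv[0] != 0x02 || tlv[1] > 127 || (size_t)tlv[1] + 2 != n)
        return -2;
    const unsigned char *v = tlv + 2;
    size_t len = tlv[1];
    if (v[0] & 0x80) return -1;         /* what dumpasn1 flags */
    if (len > 1 && v[0] == 0x00 && !(v[1] & 0x80)) return -2;
    if (len == 1 && v[0] == 0x00) return 0;
    return 1;
}

int main(void)
{
    const unsigned char serial[] = { 0xab, 0xcd };          /* constructed */
    const unsigned char raw[] = { 0x02, 0x02, 0xab, 0xcd }; /* no padding */
    unsigned char out[8];
    size_t n = der_encode_serial(serial, sizeof serial, out, sizeof out);
    printf("raw copy sign: %d, padded sign: %d (TLV %zu octets)\n",
           der_serial_sign(raw, sizeof raw), der_serial_sign(out, n), n);
    return 0;
}
```
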