[gnutls-devel] GnuTLS | `certtool` permits creation of certificates with "negative" serial numbers (#1237)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue May 24 19:12:54 CEST 2022

Daniel Kahn Gillmor commented:

Sorry, this does still seem to be an issue.  @ZoltanFridrich's example is not an example of the stated problem: the fact that zero is out of bounds doesn't have anything to do with the fact that some bitstring serial numbers might have the high bit set.

For example, if I offer the example hex string (`0xabcd`) as the serial number, the [produced certificate](/uploads/1eef43ae81491ccbfb7a941a1a6c5aac/x.crt.txt) has the high bit set in the serial number.  `dumpasn1` even complains about it:

  13    2:     INTEGER 43981
         :       Error: Integer is encoded as a negative value.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1237#note_958565139
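
Why the two octets `ab cd` read as negative, as an added example (not code from GnuTLS or from the message above): a DER INTEGER is two's complement, so a serial whose first content octet has the high bit set needs a leading `0x00` octet. The function names are hypothetical, only short-form lengths are handled, and the positive-value and 20-octet limits are taken from RFC 5280 section 4.1.2.2.

```python
"""DER INTEGER checks for X.509 serial numbers (hypothetical helper names)."""

MAX_SERIAL_OCTETS = 20  # RFC 5280 section 4.1.2.2


def encode_serial(magnitude: bytes) -> bytes:
    """DER-encode an unsigned big-endian magnitude as a non-negative INTEGER."""
    body = magnitude.lstrip(b"\x00") or b"\x00"
    if body[0] & 0x80:
        # The high bit would be read as the sign bit, so pad with 0x00.
        body = b"\x00" + body
    if len(body) > 127:
        raise ValueError("long-form lengths are not handled here")
    return bytes([0x02, len(body)]) + body


def check_serial(tlv: bytes) -> list:
    """Return the problems found in a DER INTEGER used as a serial number."""
    if len(tlv) < 3 or tlv[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    if tlv[1] & 0x80:
        raise ValueError("long-form lengths are not handled here")
    body = tlv[2:2 + tlv[1]]
    if len(body) != tlv[1]:
        raise ValueError("truncated INTEGER")
    problems = []
    # DER requires the shortest two's-complement form.
    if len(body) > 1 and ((body[0] == 0x00 and not body[1] & 0x80)
                          or (body[0] == 0xFF and body[1] & 0x80)):
        problems.append("non-minimal encoding")
    value = int.from_bytes(body, "big", signed=True)
    if value < 0:
        problems.append("negative")
    elif value == 0:
        problems.append("zero")
    if len(body) > MAX_SERIAL_OCTETS:
        problems.append("longer than 20 octets")
    return problems


if __name__ == "__main__":
    raw = bytes.fromhex("abcd")      # serial from the message above
    naive = b"\x02\x02" + raw        # constructed: magnitude copied as-is
    print(naive.hex(), check_serial(naive))
    fixed = encode_serial(raw)       # padded form
    print(fixed.hex(), check_serial(fixed))
```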