[gnutls-devel] GnuTLS | SKI extension with empty values are valid (#1621)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Dec 3 10:16:03 CET 2024



dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1621



## Description of problem:
RFC 5280 defines the SKI extension as follows:

```
SubjectKeyIdentifier ::= KeyIdentifier
```

Unlike AKI, all parts of AKI are optional.
The null SKI extension was considered invalid by Golang, but it was not considered invalid by gnutls and openssl. After my feedback, openssl marked it as a bug.

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:

Steps to Reproduce:

 * one gnutls_x509_crt_import(test.der) [test.der](/uploads/a48fbb88873bd9e0dcdd96fadd515731/test.der)

## Actual results:
Complete

## Expected results:
invalid subject key identifier

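A strict check of the kind the report asks for, as an added example that is not part of the issue and is not GnuTLS code. It inspects the bytes carried in the SKI extension's extnValue and separates a missing value, a zero-length KeyIdentifier and a malformed encoding from a usable one. The name `ski_check`, the status names and the choice to reject a zero-length KeyIdentifier are assumptions made here, and the sample bytes are constructed rather than taken from test.der.

```c
#include <stddef.h>
#include <stdio.h>

/* Result of checking the bytes carried in an SKI extension's extnValue. */
enum {
    SKI_OK = 0,          /* well-formed, non-empty KeyIdentifier */
    SKI_NO_VALUE,        /* extnValue holds zero bytes */
    SKI_BAD_TAG,         /* not a universal primitive OCTET STRING (0x04) */
    SKI_BAD_LENGTH,      /* truncated, trailing bytes, or non-DER length */
    SKI_EMPTY_KEYID      /* "04 00": OCTET STRING with no content */
};

/* der/len: contents of extnValue, i.e. the DER of SubjectKeyIdentifier. */
int ski_check(const unsigned char *der, size_t len)
{
    size_t hdr = 2, clen;
    if (len == 0)
        return SKI_NO_VALUE;
    if (der[0] != 0x04)
        return SKI_BAD_TAG;
    if (len < 2)
        return SKI_BAD_LENGTH;
    if (der[1] < 0x80) {                 /* short-form length */
        clen = der[1];
    } else if (der[1] == 0x81) {         /* long form, one length byte */
        if (len < 3 || der[2] < 0x80)    /* DER requires the minimal form */
            return SKI_BAD_LENGTH;
        clen = der[2];
        hdr = 3;
    } else {
        return SKI_BAD_LENGTH;           /* key ids over 255 bytes: out of scope */
    }
    if (len - hdr != clen)               /* truncated or trailing data */
        return SKI_BAD_LENGTH;
    return clen == 0 ? SKI_EMPTY_KEYID : SKI_OK;
}

/* Constructed sample inputs, not taken from the test.der in the report. */
static const unsigned char ski_good[]  = { 0x04, 0x04, 0xde, 0xad, 0xbe, 0xef };
static const unsigned char ski_empty[] = { 0x04, 0x00 };
static const unsigned char ski_trunc[] = { 0x04, 0x14, 0x01, 0x02 };

int main(void)
{
    printf("good=%d empty=%d none=%d trunc=%d\n", ski_check(ski_good, sizeof ski_good),
           ski_check(ski_empty, sizeof ski_empty), ski_check(ski_good, 0),
           ski_check(ski_trunc, sizeof ski_trunc));
    return 0;
}
```

Keeping `SKI_NO_VALUE` and `SKI_EMPTY_KEYID` as separate results lets a caller log which form of "empty" a certificate carried before rejecting it.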