[gnutls-devel] GnuTLS | The Extended Key Usage extension should be invalid (#1624)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Dec 7 10:24:51 CET 2024
dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1624
## Description of problem:
The definition of the Extended Key Usage extension is as follows:
```
id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
KeyPurposeId ::= OBJECT IDENTIFIER
```
ASN.1 specifies that tag 06 represents an OID.
I provided a test case where the enhanced key usage is displayed in non-OID content (not the OID tag), which should be invalid.
Golang determined it as follows: invalid certificate policies, but gnutls doesn't think so.
![image](/uploads/3ee676aba920188b89f3ed84a25ff879/image.png)
## Version of gnutls used:
gnutls-cli 3.7.3
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
## How reproducible:
Steps to Reproduce:
* one gnutls_x509_crt_import(Cert.der) [Cert.zip](/uploads/71920dd9a11c8695b98bef8cc7ac1e50/Cert.zip)
## Actual results:
Complete
## Expected results:
invalid extended key usages
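The check the report expects, as an added example (not GnuTLS or Go code, and not part of the issue): a minimal C validator for a DER-encoded ExtKeyUsageSyntax value that rejects any element whose tag is not 06. The function names, status codes and byte arrays are constructed for illustration; the arrays are not the contents of the attached Cert.der.

```c
#include <stddef.h>
#include <stdint.h>

/* Status codes for this example (hypothetical names, not GnuTLS error codes). */
enum eku_status { EKU_OK = 0, EKU_BAD_DER = -1, EKU_EMPTY = -2, EKU_NOT_OID = -3 };

/* Read one DER header at buf[*pos]: set *tag and *len, advance *pos to the
 * content. Handles single-byte tags and definite lengths up to 65535 only. */
static int der_header(const uint8_t *buf, size_t n, size_t *pos,
                      uint8_t *tag, size_t *len)
{
    if (n - *pos < 2) return -1;
    *tag = buf[(*pos)++];
    *len = buf[(*pos)++];
    if (*len >= 0x80) {                          /* long-form length */
        size_t k = *len & 0x7f;
        size_t min = (k == 1) ? 0x80 : 0x100;
        if (k == 0 || k > 2 || n - *pos < k) return -1;  /* no indefinite form */
        for (*len = 0; k > 0; k--) *len = (*len << 8) | buf[(*pos)++];
        if (*len < min) return -1;               /* DER: shortest length form */
    }
    return (*len <= n - *pos) ? 0 : -1;
}

/* Check that ext[0..n) is SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER. */
int eku_check(const uint8_t *ext, size_t n)
{
    size_t pos = 0, len, count = 0;
    uint8_t tag;

    if (der_header(ext, n, &pos, &tag, &len) || tag != 0x30 || pos + len != n)
        return EKU_BAD_DER;                      /* not a SEQUENCE, or trailing bytes */
    while (pos < n) {
        if (der_header(ext, n, &pos, &tag, &len)) return EKU_BAD_DER;
        if (tag != 0x06 || len == 0) return EKU_NOT_OID;  /* element not tagged 06 */
        pos += len;
        count++;
    }
    return count ? EKU_OK : EKU_EMPTY;           /* SIZE (1..MAX) needs one element */
}

/* Constructed samples: serverAuth OID, same bytes under tag 0C, empty SEQUENCE. */
const uint8_t eku_valid[] = {0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x01};
const uint8_t eku_wrong_tag[] = {0x30,0x0a,0x0c,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x01};
const uint8_t eku_empty[] = {0x30,0x00};

int main(void) { return eku_check(eku_wrong_tag, sizeof eku_wrong_tag) == EKU_NOT_OID ? 0 : 1; }
```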