[gnutls-devel] GnuTLS | honor_crq_extensions breaks certificate generation if trying to use a CSR that includes a Subject_Key_Identifier (#1550)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri May 17 03:09:34 CEST 2024




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1550#note_1909776053


> A certificate is created from the CSR containing the CRQ extensions. Regarding the `Subject_Key_Identifier` there are probably two ways to handle this, either overwrite the existing `Subject_Key_Identifier` or respect the one from the CSR. What is the best option I leave up to you.

I think we should overwrite it, as CA should have full control of such extension.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1550#note_1909776053
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240517/78392c13/attachment.html>


More information about the Gnutls-devel mailing list