[gnutls-devel] GnuTLS | Subnet mask analysis (#1596)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Oct 22 16:33:13 CEST 2024
dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1596
RFC5280 stipulates that the IP address in the name constraint extension of the X.509 certificate must contain a subnet mask. For the malformed subnet mask, gnutls_x509_crt_import correctly parses it. In contrast, Golang's x509.ParseCertificate throws an error: parsing x509: IP constraint contained invalid mask xxxxxxxx
I found this issue using gnutls-cli 3.7.3
See the attached test case
[Cert17290457531910.der](/uploads/1eb475c4434a91c485f0d1dae5aece4a/Cert17290457531910.der)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1596
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241022/07ce1eb4/attachment.html>
More information about the Gnutls-devel
mailing list