[gnutls-devel] GnuTLS | RFC 5280 compliance: GnuTLS accepted the CRL file with an incorrect inner algorithm identifier. (#1795)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Feb 5 14:52:25 CET 2026
One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1795
## Description of problem:
Hello developers,
I successfully parsed a CRL file with an inner algorithm identifier of 1.2.840.98445.1.1.11 using GnuTLS, although GnuTLS did not display the specific information of the inner algorithm identifier in the parsing results. When Go parsed this CRL file, it displayed the error: "inner and outer signature algorithm identifiers don't match".
## Version of gnutls used:
GnuTLS 3.8.9
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
## How reproducible:
certtool --crl-info --inder --infile crl_wrong_inner_signature_oid.der
## Actual results:
[crl_wrong_inner_signature_oid.der](/uploads/28ee3b442af58491839a61c5dd69f71a/crl_wrong_inner_signature_oid.der)
## Expected results:
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1795
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260205/41228e9c/attachment.html>
More information about the Gnutls-devel
mailing list