[gnutls-devel] GnuTLS | RFC 5280 compliance: GnuTLSaccepts the Issuer field with invalid UTF-8 values. (#1796)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Feb 6 14:54:49 CET 2026
One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1796
## Description of problem:
Hello developers,
I have successfully parsed a CRL file with an invalid UTF-8 value in the Issuer field using GnuTLS.The 5th byte of the L (LocalityName) attribute in the Issuer field is 0xFF, and 0xFF is an illegal byte in UTF-8 encoding.
## Version of gnutls used:
GnuTLS 3.8.9
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
## How reproducible:
certtool --crl-info --inder --infile crl_fuzz_L_field_0xFF.der
## Actual results:
[crl_fuzz_L_field_0xFF.der](/uploads/8e4c4549d5954ef535a5c96023e3a638/crl_fuzz_L_field_0xFF.der)
## Expected results:
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1796
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260206/0aa0c17e/attachment.html>
More information about the Gnutls-devel
mailing list