<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div>
<p dir="auto">A simple but inefficient solution to address the tag issue, is for <code>_gnutls_x509_compare_raw_dn</code> comparison is to compare the textual form of the DNs (output of <code>gnutls_x509_rdn_get2</code>) for the DNs given using memcmp. That would not address the issue for <code>gnutls_pkcs11_get_raw_issuer_by_dn</code> which if I remember well is the same issue that NSS has. That is we will not be able to retrieve certificates will differing DN from the system (or any pkcs11) trust store. If <a href="https://gitlab.com/caldwell" data-user="675594" data-reference-type="user" data-container="body" data-placement="bottom" class="gfm gfm-project_member has-tooltip" title="David Caldwell">@caldwell</a> you could create some test case using <code>certtool -e</code> I could experiment with a patch to address it, though I can make no commitments.</p>
</div>


</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/553#note_102999245">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/cffe532d5a8be6bbde4af59d105a1276/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/553#note_102999245"}}</script>
</p>
</div>
</body>
</html>