<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p style="color: #777777;">
<a href="https://gitlab.com/lumag">Dmitry Baryshkov</a>
commented on a
discussion on <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1209#note_303806719">lib/x509/common.c</a>:
</p>
<table>
<tr class="line_holder" id="">
<td class="diff-line-num old_line" data-linenumber="1926" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
1926
</td>
<td class="diff-line-num new_line" data-linenumber="1926" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
1926
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC1926" class="line" lang="c">   <span class="k" style="font-weight: 600;">else</span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="">
<td class="diff-line-num old_line" data-linenumber="1927" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
1927
</td>
<td class="diff-line-num new_line" data-linenumber="1927" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
1927
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC1927" class="line" lang="c">           <span class="k" style="font-weight: 600;">return</span> <span class="n" style="color: #333;">gnutls_assert_val</span><span class="p">(</span><span class="n" style="color: #333;">GNUTLS_GOST_PARAMSET_UNKNOWN</span><span class="p">);</span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="">
<td class="diff-line-num old_line" data-linenumber="1928" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
1928
</td>
<td class="diff-line-num new_line" data-linenumber="1928" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
1928
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC1928" class="line" lang="c"><span class="p">}</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1929
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1929" class="line" lang="c"></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1930" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1930
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1930" class="line" lang="c"><span class="kt" style="color: #458; font-weight: 600;">int</span> <span class="nf" style="color: #900; font-weight: 600;">_gnutls_x509_get_version</span><span class="p">(</span><span class="n" style="color: #333;">asn1_node</span> <span class="n" style="color: #333;">root</span><span class="p">,</span> <span class="k" style="font-weight: 600;">const</span> <span class="kt" style="color: #458; font-weight: 600;">char</span> <span class="o" style="font-weight: 600;">*</span><span class="n" style="color: #333;">name</span><span class="p">)</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1931" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1931
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1931" class="line" lang="c"><span class="p">{</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1932" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1932
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1932" class="line" lang="c">   <span class="kt" style="color: #458; font-weight: 600;">uint8_t</span> <span class="n" style="color: #333;">version</span><span class="p">[</span><span class="mi" style="color: #099;">8</span><span class="p">];</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1933" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1933
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1933" class="line" lang="c">   <span class="kt" style="color: #458; font-weight: 600;">int</span> <span class="n" style="color: #333;">len</span><span class="p">,</span> <span class="n" style="color: #333;">result</span><span class="p">;</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1934" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1934
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1934" class="line" lang="c"></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1935" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1935
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1935" class="line" lang="c">   <span class="n" style="color: #333;">len</span> <span class="o" style="font-weight: 600;">=</span> <span class="k" style="font-weight: 600;">sizeof</span><span class="p">(</span><span class="n" style="color: #333;">version</span><span class="p">);</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1936" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1936
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1936" class="line" lang="c">   <span class="n" style="color: #333;">result</span> <span class="o" style="font-weight: 600;">=</span> <span class="n" style="color: #333;">asn1_read_value</span><span class="p">(</span><span class="n" style="color: #333;">root</span><span class="p">,</span> <span class="n" style="color: #333;">name</span><span class="p">,</span> <span class="n" style="color: #333;">version</span><span class="p">,</span> <span class="o" style="font-weight: 600;">&</span><span class="n" style="color: #333;">len</span><span class="p">);</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1937" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1937
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1937" class="line" lang="c">   <span class="k" style="font-weight: 600;">if</span> <span class="p">(</span><span class="n" style="color: #333;">result</span> <span class="o" style="font-weight: 600;">!=</span> <span class="n" style="color: #333;">ASN1_SUCCESS</span><span class="p">)</span> <span class="p">{</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="1929" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="1938" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
1938
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC1938" class="line" lang="c">           <span class="k" style="font-weight: 600;">if</span> <span class="p">(</span><span class="n" style="color: #333;">result</span> <span class="o" style="font-weight: 600;">==</span> <span class="n" style="color: #333;">ASN1_ELEMENT_NOT_FOUND</span><span class="p">)</span></span>
</pre>
</td>
</tr>

</table>
<div style="">
<p dir="auto"><code>TBSCertificate</code>, <code>TBSRequest</code> and <code>TBSResponse</code> definitions contain excplicit <code>Version DEFAULT v1</code> note.</p>
<p dir="auto">For CRLs it is quite different (see <a href="https://tools.ietf.org/html/rfc5280" rel="nofollow noreferrer noopener" target="_blank">https://tools.ietf.org/html/rfc5280</a>):</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true" style="background-color: #fff; font-family: monospace; font-size: 90%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%; margin: 0;"><code><span id="LC1" class="line" lang="plaintext">Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }</span>
<span id="LC2" class="line" lang="plaintext"></span>
<span id="LC3" class="line" lang="plaintext">TBSCertList  ::=  SEQUENCE  {</span>
<span id="LC4" class="line" lang="plaintext">     version                 Version OPTIONAL,</span>
<span id="LC5" class="line" lang="plaintext">                                   -- if present, MUST be v2</span></code></pre>
<p dir="auto">I think the problem comes from section 5.2 which specifies:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true" style="background-color: #fff; font-family: monospace; font-size: 90%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%; margin: 0;"><code><span id="LC1" class="line" lang="plaintext">Conforming CAs that issue CRLs are required to include the authority</span>
<span id="LC2" class="line" lang="plaintext">key identifier (see sec. 5.2.1) and the CRL number (see sec. 5.2.3)</span>
<span id="LC3" class="line" lang="plaintext">extensions in all CRLs issued.</span></code></pre>
<p dir="auto">Which means that all issued CRLs MUST contain version field which should be v2.</p>
<p dir="auto">x.509 spec from 1997 contains following paragraph:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true" style="background-color: #fff; font-family: monospace; font-size: 90%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%; margin: 0;"><code><span id="LC1" class="line" lang="plaintext"> If any extensions included in a CertificateList are defined as critical, the version element of the CertificateList shall be</span>
<span id="LC2" class="line" lang="plaintext">present. If no extensions defined as critical are included, the version element shall be absent. This may permit an implementation</span>
<span id="LC3" class="line" lang="plaintext">that only supports version 1 CRLs to still use the CRL if in its examination of the revokedCertificates sequence in the CRL, it does</span>
<span id="LC4" class="line" lang="plaintext">not encounter an extension. An implementation that supports version 2 (or greater) CRLs may be able to optimize its processing if</span>
<span id="LC5" class="line" lang="plaintext">it can determine early in processing that no critical extensions are present in the CRL.</span></code></pre>
<p dir="auto">Judging from this I think that it is safe to default <code>v1(0)</code> if there is no <code>tbsCertList.version</code> field.</p>
</div>


</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1209#note_303806719">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/cf1b147bead66b7e3376ed9c426ee8e4/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/-/merge_requests/1209#note_303806719"}}</script>


</p>
</div>
</body>
</html>