<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p style="color: #777777;">
<a href="https://gitlab.com/dueno">Daiki Ueno</a>
commented:
</p>
<div style="">
<blockquote dir="auto">
<p>As RFC 5280, 'signature' in 'tbsCertificate' is parsed.</p>
</blockquote>
<p dir="auto">Although it is not displayed as part of the tbsCertificate (because the RFC says the value must be equivalent to the outer signatureAlgorithm, there is no point in showing it twice), it is checked when reading a certificate from PEM:
<a href="https://gitlab.com/gnutls/gnutls/-/blob/master/lib/x509/x509.c#L321">https://gitlab.com/gnutls/gnutls/-/blob/master/lib/x509/x509.c#L321</a></p>
<p dir="auto">I think you can verify that if you create a bogus certificate with a mismatched tbsCertificate.signature.</p>
</div>
</div>
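<div>
<p>The consistency check discussed in the comment above, as an added example that is not part of the original comment and is not GnuTLS code. The helper names, the byte-for-byte comparison of the two DER-encoded AlgorithmIdentifier values, and the skeleton sample certificate are assumptions made for illustration.</p>
<pre>
```python
# Added example (not GnuTLS code): tbsCertificate.signature vs. outer signatureAlgorithm.
SHA256_RSA = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption, NULL params
SHA1_RSA = bytes.fromhex("300d06092a864886f70d0101050500")    # sha1WithRSAEncryption, NULL params

def tlv(tag, body):  # short-form DER length only; enough for the constructed sample
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, end) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: low 7 bits give the number of length octets
        n = length - 0x80
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def elements(value):  # split SEQUENCE contents into (tag, raw_encoding) pairs
    out, pos = [], 0
    while pos != len(value):
        tag, _, end = read_tlv(value, pos)
        out.append((tag, value[pos:end]))
        pos = end
    return out

def signature_algorithms(cert_der):
    """Return (inner, outer) AlgorithmIdentifier encodings of a certificate."""
    tag, body, end = read_tlv(cert_der, 0)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    parts = elements(body)  # tbsCertificate, signatureAlgorithm, signatureValue
    if len(parts) != 3 or parts[0][0] != 0x30:
        raise ValueError("unexpected Certificate layout")
    fields = elements(read_tlv(parts[0][1], 0)[1])
    start = 1 if fields and fields[0][0] == 0xA0 else 0  # skip optional [0] version
    if start + 2 > len(fields):
        raise ValueError("tbsCertificate too short")
    return fields[start + 1][1], parts[1][1]  # field after serialNumber, outer algorithm

def algorithms_consistent(cert_der):
    inner, outer = signature_algorithms(cert_der)
    return inner == outer

def sample_cert(inner_alg, outer_alg):  # constructed skeleton, not a valid certificate
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + inner_alg)
    return tlv(0x30, tbs + outer_alg + tlv(0x03, b"\x00\x00"))
```
</pre>
<p>Here <code>algorithms_consistent(sample_cert(SHA1_RSA, SHA256_RSA))</code> returns <code>False</code>, which is the mismatched case the comment suggests testing an importer against.</p>
</div>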
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/983#note_339128307">view it on GitLab</a>.
</p>
</div>
</body>
</html>