<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: .875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px;

}

body {

font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px; font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>

<div class="content">

<p class="details" style="font-style: italic; color: #626168;">

<a href="https://gitlab.com/dulanshuangqiao">dulanshuangqiao</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1631">#1631</a>

</p>

<div class="md" style="position: relative; z-index: 1; color: #3a383f; word-wrap: break-word;">

<h2 dir="auto" style="margin-top: 0; margin-bottom: 1rem; border-bottom-style: solid; border-bottom-color: #dcdcde; font-weight: 600; font-size: clamp(1.3125rem, 0.8680555556rem + 0.9259259259vw, 1.5625rem); letter-spacing: -0.01em; line-height: 1.25; color: #18171d; border-bottom-width: 1px; padding-bottom: 0.25rem;" align="initial">

<a href="#description-of-problem" aria-hidden="true" class="anchor" id="user-content-description-of-problem" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>Description of problem:</h2>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial">For the two certificates I provided, both contained the SKI extension, but the value was 0.

Both certificates failed the verification of openssl, while the verification results of gnutls showed differences

Cert1732784125104D1.pem passed the verification of gnutls, while Cert1732784125103D1.pem failed.</p>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial"><a class="no-attachment-icon gfm" href="https://gitlab.com/-/project/179611/uploads/c93287e15534ca531c2bd8c25970b38b/image.png" target="_blank" rel="noopener noreferrer" data-canonical-src="/uploads/c93287e15534ca531c2bd8c25970b38b/image.png" data-link="true" style="margin-top: 0;"><img src="https://gitlab.com/-/project/179611/uploads/c93287e15534ca531c2bd8c25970b38b/image.png" alt="image" width="368" height="84" data-canonical-src="/uploads/c93287e15534ca531c2bd8c25970b38b/image.png" class="gfm" style="max-width: 100%; height: auto; margin-top: 0; vertical-align: baseline; -o-object-fit: contain; object-fit: contain; -o-object-position: top; object-position: top;"></a></p>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial"><a href="https://gitlab.com/-/project/179611/uploads/5351f8d3b3e4f1f4b96879ef9d9898a6/Cert1732784125103D1.pem" data-canonical-src="/uploads/5351f8d3b3e4f1f4b96879ef9d9898a6/Cert1732784125103D1.pem" data-link="true" class="gfm" style="margin-top: 0;">Cert1732784125103D1.pem</a></p>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial"><a href="https://gitlab.com/-/project/179611/uploads/7f5060c2693583a16f75c96fa8cd3d10/Cert1732784125104D1.pem" data-canonical-src="/uploads/7f5060c2693583a16f75c96fa8cd3d10/Cert1732784125104D1.pem" data-link="true" class="gfm" style="margin-top: 0;">Cert1732784125104D1.pem</a></p>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial"><a href="https://gitlab.com/-/project/179611/uploads/a0a2ea07153e02b987bdc9746ff14303/RootCA.pem" data-canonical-src="/uploads/a0a2ea07153e02b987bdc9746ff14303/RootCA.pem" data-link="true" class="gfm" style="margin-top: 0;">RootCA.pem</a></p>

<h2 dir="auto" style="margin-top: 1.5rem; margin-bottom: 1rem; border-bottom-style: solid; border-bottom-color: #dcdcde; font-weight: 600; font-size: clamp(1.3125rem, 0.8680555556rem + 0.9259259259vw, 1.5625rem); letter-spacing: -0.01em; line-height: 1.25; color: #18171d; border-bottom-width: 1px; padding-bottom: 0.25rem;" align="initial">

<a href="#version-of-gnutls-used" aria-hidden="true" class="anchor" id="user-content-version-of-gnutls-used" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>Version of gnutls used:</h2>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial">gnutls-cli 3.7.3</p>

<h2 dir="auto" style="margin-top: 1.5rem; margin-bottom: 1rem; border-bottom-style: solid; border-bottom-color: #dcdcde; font-weight: 600; font-size: clamp(1.3125rem, 0.8680555556rem + 0.9259259259vw, 1.5625rem); letter-spacing: -0.01em; line-height: 1.25; color: #18171d; border-bottom-width: 1px; padding-bottom: 0.25rem;" align="initial">

<a href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true" class="anchor" id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial">Ubuntu</p>

<h2 dir="auto" style="margin-top: 1.5rem; margin-bottom: 1rem; border-bottom-style: solid; border-bottom-color: #dcdcde; font-weight: 600; font-size: clamp(1.3125rem, 0.8680555556rem + 0.9259259259vw, 1.5625rem); letter-spacing: -0.01em; line-height: 1.25; color: #18171d; border-bottom-width: 1px; padding-bottom: 0.25rem;" align="initial">

<a href="#how-reproducible" aria-hidden="true" class="anchor" id="user-content-how-reproducible" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>How reproducible:</h2>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial">Steps to Reproduce:</p>

<ul dir="auto" style="text-align: initial; list-style-type: disc; margin: 0 0 1rem; padding: 0;">

<li style="margin-top: 0; line-height: 1.6em; margin-left: 25px; padding-left: 3px;">one certtool --verify --load-ca-certificate RootCA.pem --infile Cert1732784125103D1.pem</li>

<li style="line-height: 1.6em; margin-left: 25px; padding-left: 3px;">two certtool --verify --load-ca-certificate RootCA.pem --infile Cert1732784125104D1.pem</li>

</ul>

<h2 dir="auto" style="margin-top: 1.5rem; margin-bottom: 1rem; border-bottom-style: solid; border-bottom-color: #dcdcde; font-weight: 600; font-size: clamp(1.3125rem, 0.8680555556rem + 0.9259259259vw, 1.5625rem); letter-spacing: -0.01em; line-height: 1.25; color: #18171d; border-bottom-width: 1px; padding-bottom: 0.25rem;" align="initial">

<a href="#actual-results" aria-hidden="true" class="anchor" id="user-content-actual-results" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>Actual results:</h2>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial">Cert1732784125104D1.pem：Verified, The certificate is trusted.

Cert1732784125103D1.pem：Not verified. The certificate is NoT trusted.</p>

<h2 dir="auto" style="margin-top: 1.5rem; margin-bottom: 1rem; border-bottom-style: solid; border-bottom-color: #dcdcde; font-weight: 600; font-size: clamp(1.3125rem, 0.8680555556rem + 0.9259259259vw, 1.5625rem); letter-spacing: -0.01em; line-height: 1.25; color: #18171d; border-bottom-width: 1px; padding-bottom: 0.25rem;" align="initial">

<a href="#expected-results" aria-hidden="true" class="anchor" id="user-content-expected-results" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>Expected results:</h2>

<p dir="auto" style="color: #3a383f; margin: 0;" align="initial">Cert1732784125104D1.pem：Not verified. The certificate is NoT trusted.</p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #626168;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1631">view it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://gitlab.com">gitlab.com</a>. <a href="https://gitlab.com/-/sent_notifications/2fdfa35268ffd06c55ed4fbc98d87c4b/unsubscribe" target="_blank" rel="noopener noreferrer">Unsubscribe</a> from this thread · <a href="https://gitlab.com/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://gitlab.com/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1631"}}</script>

</p>

</div>

</body>

</html>