<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: .875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px;

}

body {

font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px; font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>

<div class="content">

<p class="details" style="font-style: italic; color: #626168;">

<a href="https://gitlab.com/1784244538">One happy person</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1688">#1688</a>

</p>

<div class="md" style="position: relative; z-index: 1; color: #3a383f; word-wrap: break-word;">

<h2 dir="auto" style="margin-top: 0; margin-bottom: 10px;" align="initial">

<a href="#description-of-problem" aria-hidden="true" class="anchor" id="user-content-description-of-problem" style="margin-top: 0; margin-left: -20px; text-decoration: none; outline: none; position: absolute; width: 20px;"></a>Description of problem:</h2>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial">The RFC standard for X.509 CRLs restricts the thisUpdate field to only two formats, namely UTCTime (YYMMDDHHMMSSZ) and GeneralizedTime (YYYYMMDDHHMMSSZ) in ASN.1 representation, which are 13 and 15 characters wide, respectively. However, GnuTLS 3.8.9 accepts CRL with a thisUpdate field of length 13 ("240123000000Z").</p>

<h2 dir="auto" style="margin-top: 20px; margin-bottom: 10px;" align="initial">

<a href="#version-of-gnutls-used" aria-hidden="true" class="anchor" id="user-content-version-of-gnutls-used" style="margin-top: 0; margin-left: -20px; text-decoration: none; outline: none; position: absolute; width: 20px;"></a>Version of gnutls used:</h2>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial">GnuTLS 3.8.9</p>

<h2 dir="auto" style="margin-top: 20px; margin-bottom: 10px;" align="initial">

<a href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true" class="anchor" id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" style="margin-top: 0; margin-left: -20px; text-decoration: none; outline: none; position: absolute; width: 20px;"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial">certtool --crl-info --inder --infile crl_file_13gn.der</p>

<h2 dir="auto" style="margin-top: 20px; margin-bottom: 10px;" align="initial">

<a href="#actual-results" aria-hidden="true" class="anchor" id="user-content-actual-results" style="margin-top: 0; margin-left: -20px; text-decoration: none; outline: none; position: absolute; width: 20px;"></a>Actual results:</h2>

<p dir="auto" style="color: #3a383f; margin: 0 0 1rem;" align="initial">Issued: Wed Dec 31 23:59:59 UTC 1969</p>

<h2 dir="auto" style="margin-top: 20px; margin-bottom: 10px;" align="initial">

<a href="#expected-results" aria-hidden="true" class="anchor" id="user-content-expected-results" style="margin-top: 0; margin-left: -20px; text-decoration: none; outline: none; position: absolute; width: 20px;"></a>Expected results:</h2>

<p dir="auto" style="color: #3a383f; margin: 0;" align="initial">The RFC standard for X.509 CRLs limits the thisUpdate field to only two formats: UTCTime (YYMMDDHHMMSSZ) and GeneralizedTime (YYYYMMDDHHMMSSZ) in ASN.1 encoding, which are 13 and 15 characters wide, respectively. Therefore, it should reject a CRL file with a thisUpdate field length of 13 ("240123000000Z").

<a href="https://gitlab.com/-/project/179611/uploads/38f2662a26c87d4b6d9ae78350aed2cb/crl_file_13gn.der" data-canonical-src="/uploads/38f2662a26c87d4b6d9ae78350aed2cb/crl_file_13gn.der" data-link="true" class="gfm" style="margin-top: 0;">crl_file_13gn.der</a></p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #626168;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1688">view it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://gitlab.com">gitlab.com</a>. <a href="https://gitlab.com/-/sent_notifications/00939d37d91fb89da803f5fce31273b4/unsubscribe" target="_blank" rel="noopener noreferrer">Unsubscribe</a> from this thread · <a href="https://gitlab.com/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://gitlab.com/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1688"}}</script>

</p>

</div>

</body>

</html>