[gnutls-help] RFC4514 compliance in gnutls_x509_crt_get_dn()?
Pierre Ossman
ossman at cendio.se
Fri Jul 15 12:01:55 CEST 2016
Hi,

I was looking at gnutls_x509_crt_get_dn() as a way to generate string
representations of DNs according to RFC4514. But there are two things
that strike me as being out of spec:

- The order of RDNs is wrong. GnuTLS outputs them first-to-last, but
  RFC4514 states:

    "...the output consists of the string encodings of each
    RelativeDistinguishedName in the RDNSequence (according to Section
    2.2), starting with the last element of the sequence and moving
    backwards toward the first."

  You can also see this in their examples:

    "UID=jsmith,DC=example,DC=net"

  The leaf being first, rather than last.

- The oid list includes some things not in the IANA registry. E.g.
  1.3.6.1.4.1.311.60.2.1.3 and XmppAddr.

The oid list also seems a bit arbitrary, which could make
interoperability a bit annoying. :/

Thoughts?

Regards
--
Pierre Ossman Software Development
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46-13-214600 https://plus.google.com/+CendioThinLinc
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
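
The RFC 4514 ordering and encoding rules discussed in the message above, as an added example that is not part of the original message or of GnuTLS: a small encoder that emits the last RDN first, escapes special characters, and writes an attribute without a registered short name as a dotted OID with a #hex value. Assumptions: the short-name table is limited to RFC 4514 section 3, and the sample DNs and the BER bytes given for the 1.3.6.1.4.1.311.60.2.1.3 value are constructed.

```python
# Short names limited to the table in RFC 4514 section 3 (a simplification;
# the IANA registry contains more descriptors).
RFC4514_NAMES = {
    "2.5.4.3": "CN", "2.5.4.7": "L", "2.5.4.8": "ST", "2.5.4.10": "O",
    "2.5.4.11": "OU", "2.5.4.6": "C", "2.5.4.9": "STREET",
    "0.9.2342.19200300.100.1.25": "DC", "0.9.2342.19200300.100.1.1": "UID",
}

def escape_value(value):
    """Escape a string value per RFC 4514 section 2.4."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == last and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        else:
            out.append("\\" + ch if ch in '"+,;<>\\' or edge else ch)
    return "".join(out)

def encode_rdn(rdn):
    """Encode one RDN, given as a list of (oid, value) pairs."""
    parts = []
    for oid, value in rdn:
        name = RFC4514_NAMES.get(oid)
        if name is not None:
            parts.append(name + "=" + escape_value(value))
        else:
            # No short name: dotted OID, then '#' + hex of the BER value (bytes).
            parts.append(oid + "=#" + bytes(value).hex())
    return "+".join(parts)

def dn_rfc4514(rdn_sequence):
    """Last RDN of the sequence first, as RFC 4514 section 2.1 requires."""
    return ",".join(encode_rdn(rdn) for rdn in reversed(rdn_sequence))

def dn_first_to_last(rdn_sequence):
    """Certificate order, the output order described in the message above."""
    return ",".join(encode_rdn(rdn) for rdn in rdn_sequence)

# Constructed sample RDNSequences, in certificate (first-to-last) order.
JSMITH = [[("0.9.2342.19200300.100.1.25", "net")],
          [("0.9.2342.19200300.100.1.25", "example")],
          [("0.9.2342.19200300.100.1.1", "jsmith")]]
MIXED = [[("1.3.6.1.4.1.311.60.2.1.3", bytes.fromhex("13025345"))],
         [("2.5.4.10", "Example, Inc.")],
         [("2.5.4.3", "host.example.net")]]

if __name__ == "__main__":
    print(dn_rfc4514(JSMITH), dn_rfc4514(MIXED), sep="\n")
```

Code that matches DN strings against an allow-list needs both sides produced with the same ordering and the same short-name table; the two functions above give different strings for the same certificate name.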