[gnutls-help] RFC4514 compliance in gnutls_x509_crt_get_dn()?

Pierre Ossman ossman at cendio.se
Fri Jul 15 12:01:55 CEST 2016


I was looking at gnutls_x509_crt_get_dn() as a way to generate string 
representations of DNs according to RFC4514. But there are two things 
that strike me as being out of spec:

  - The order of RDNs is wrong. GnuTLS outputs them first-to-last, but 
RFC4514 states:

    "...the output consists of the string encodings of each
    RelativeDistinguishedName in the RDNSequence (according to Section
    2.2), starting with the last element of the sequence and moving
    backwards toward the first."

    You can also see this in their examples:


    The leaf being first, rather than last.

  - The oid list includes some things not in the IANA registry. E.g. and XmppAddr.

The oid list also seems a bit arbitrary, which could make 
interoperability a bit annoying. :/


Pierre Ossman           Software Development
Cendio AB		https://cendio.com
Teknikringen 8		https://twitter.com/ThinLinc
583 30 Linköping	https://facebook.com/ThinLinc
Phone: +46-13-214600	https://plus.google.com/+CendioThinLinc

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

More information about the Gnutls-help mailing list