[gnutls-help] RFC4514 compliance in gnutls_x509_crt_get_dn()?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Jul 15 13:43:04 CEST 2016
On Fri, Jul 15, 2016 at 12:01 PM, Pierre Ossman <ossman at cendio.se> wrote:
> Hi,
>
> I was looking at gnutls_x509_crt_get_dn() as a way to generate string
> representations of DNs according to RFC4514. But there are two things that
> strike me as being out of spec:
> - The order of RDNs is wrong. GnuTLS outputs them first-to-last, but
> RFC4514 states:
It seems you are right, indeed, the strings output by gnutls is first
to last. Would you be interested in fixing that, or contribute a unit
test for various encodings and their expected output string (similarly
to tests/base64.c)?
> - The oid list includes some things not in the IANA registry. E.g.
> 1.3.6.1.4.1.311.60.2.1.3 and XmppAddr.
Is that really an issue?
> The oid list also seems a bit arbitrary, which could make interoperability a
> bit annoying. :/
It is based on what we currently see in PKIX certificates. What kind
of interoperability are you concerned of?
regards,
Nikos
More information about the Gnutls-help
mailing list