List: gnutls-dev
Subject: Re: [gnutls-devel] Restrictions on tag types
From: Kurt Roeckx <kurt () roeckx ! be>
Date: 2014-06-01 17:59:43
Message-ID: 20140601175943.GA3434 () roeckx ! be
On Sun, Jun 01, 2014 at 07:48:28PM +0200, Nikos Mavrogiannopoulos wrote:
> On Sun, 2014-06-01 at 12:44 +0200, Kurt Roeckx wrote:
> > Hi,
> >
> > In lib/x509/common.c there is this:
> > [...]
> > ENTRY("2.5.4.6", "C", NULL, ASN1_ETYPE_PRINTABLE_STRING),
> > ENTRY("2.5.4.9", "street", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID),
> > ENTRY("2.5.4.12", "title", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID),
> > ENTRY("2.5.4.10", "O", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID),
> > [...]
> > I'm seeing certificates that encode the "C" with an UTF8String and
> > not a PrintableString, which then result in getting an error that
> > it has invalid DER.
>
> It is invalid encoding as RFC5280 specifies:
> X520countryName ::= PrintableString
I guess I have missed that. Thanks. I guess this is
something I'll add to my list of tests at some point.
> How common are these certificates? Are they so widespread we would need
> to add support for them?
So far I only know about 1 such issuer. And it's in the DN of the
issuer itself so they would need to create a new CA.
Kurt
_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
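
The kind of test discussed in this message, as an added example (not part of the original e-mail and not GnuTLS code): it walks a DER-encoded Name and reports whether countryName (2.5.4.6) carries the PrintableString tag (0x13) or something else, such as UTF8String (0x0c). The names `tlv` and `check_country`, the return codes, and the two sample Names are constructed for illustration; lengths are limited to two length bytes.

```c
#include <string.h>

enum { C_OK = 0, C_WRONG_TYPE = 1, C_ABSENT = 2, C_MALFORMED = -1 };

/* Read one DER tag/length header; returns header size, or 0 if malformed. */
static size_t tlv(const unsigned char *p, size_t n, unsigned *tag, size_t *len) {
    if (n < 2) return 0;
    size_t h = 2, k = p[1] & 0x7f;
    *tag = p[0]; *len = p[1];
    if (p[1] >= 0x80) {                       /* long form, up to 2 length bytes */
        if (k == 0 || k > 2 || n < 2 + k) return 0;
        for (*len = 0; h < 2 + k; h++) *len = (*len << 8) | p[h];
    }
    return (*len <= n - h) ? h : 0;           /* value must fit in the buffer */
}

/* Walk a DER Name (SEQUENCE OF SET OF SEQUENCE {OID, value}) and report
 * whether countryName (2.5.4.6) is a PrintableString, as RFC 5280 requires. */
int check_country(const unsigned char *der, size_t n) {
    static const unsigned char oid_c[] = { 0x55, 0x04, 0x06 };
    unsigned tag; size_t len, h; int result = C_ABSENT;
    if (!(h = tlv(der, n, &tag, &len)) || tag != 0x30) return C_MALFORMED;
    const unsigned char *p = der + h, *end = p + len;
    while (p < end) {                                    /* each RDN: SET */
        if (!(h = tlv(p, end - p, &tag, &len)) || tag != 0x31) return C_MALFORMED;
        const unsigned char *q = p + h, *rend = q + len;
        for (p = rend; q < rend; ) {                     /* each ATV: SEQUENCE */
            if (!(h = tlv(q, rend - q, &tag, &len)) || tag != 0x30) return C_MALFORMED;
            const unsigned char *a = q + h, *aend = a + len;
            q = aend;
            if (!(h = tlv(a, aend - a, &tag, &len)) || tag != 0x06) return C_MALFORMED;
            int is_c = (len == sizeof oid_c && memcmp(a + h, oid_c, len) == 0);
            a += h + len;                                /* step over the OID */
            if (!(h = tlv(a, aend - a, &tag, &len))) return C_MALFORMED;
            if (is_c) { if (tag != 0x13) return C_WRONG_TYPE; result = C_OK; }
        }
    }
    return result;
}

/* Constructed samples: C=US, O=Ex; O is a UTF8String (0x0c) in both. */
static const unsigned char good_name[] = { 0x30,0x1a, 0x31,0x0b,0x30,0x09,0x06,0x03,
    0x55,0x04,0x06,0x13,0x02,'U','S', 0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x0a,0x0c,0x02,'E','x' };
static const unsigned char bad_name[] = { 0x30,0x1a, 0x31,0x0b,0x30,0x09,0x06,0x03,
    0x55,0x04,0x06,0x0c,0x02,'U','S', 0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x0a,0x0c,0x02,'E','x' };

int main(void) {   /* exit status 0 when both samples classify as expected */
    return check_country(good_name, sizeof good_name) != C_OK
        || check_country(bad_name, sizeof bad_name) != C_WRONG_TYPE;
}
```

The UTF8String on "O" is accepted in both samples because only the countryName value is held to PrintableString; the second sample differs from the first in a single tag byte.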