gnutls_x509_crt_print omits AIA extension

Richard Moore rich at
Sat Jan 7 22:11:00 CET 2012

In the course of evaluating gnutls vs. openssl, I've spotted that
gnutls_x509_crt_print fails to display the AIA extension. Unknown
extensions are displayed properly (hexdump), so it's not simply that
the code doesn't understand it. This can be reproduced using the
supplied certtool:

certtool --infile gmail.pem --certificate-info

Just grab the cert from any valid site and you'll find the extension.
Compare the output with:

openssl x509 -text -in gmail.pem

(both the above commands were run using the pem of the gmail certificate).



More information about the Gnutls-devel mailing list