[gnutls-devel] SSL certificate validation bugs in GnuTLS

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Feb 13 20:29:22 CET 2014

On 02/13/2014 02:14 PM, Nikos Mavrogiannopoulos wrote:
> On 02/13/2014 07:58 PM, Antoine Delignat-Lavaud wrote:
>> I will double check this but as far as I remember I don't think there
>> was any certificate issued without the DigitalSignature flag recently,
>> at least on the public PKI.
> You may want to check the SSL obvervatory's 2010 data (I couldn't find a
> later version). There you'll notice a whole madness with certificates. I
> even remember DSA certificates marked for key encipherment.

there are some more modern scans provided at https://scans.io/, for
folks interested in trawling large datasets of X.509 certificates.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140213/6c5a22c1/attachment.sig>

More information about the Gnutls-devel mailing list