[gnutls-devel] GnuTLS | There is no 'signature' in the part of 'tbsCertificate' (#983)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri May 8 16:48:20 CEST 2020




Daiki Ueno commented:


> As RFC 5280, 'signature' in 'tbsCertificate' is parsed.

Although it is not displayed as part of the tbsCertificate (because the RFC says the value must be equivalent to the outer signatureAlgorithm, there is no point in showing it twice), it is checked when reading a certificate from PEM:
https://gitlab.com/gnutls/gnutls/-/blob/master/lib/x509/x509.c#L321

I think you can verify that if you create a bogus certificate with a mismatched tbsCertificate.signature.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/983#note_339128307
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200508/59ead4fb/attachment.html>


More information about the Gnutls-devel mailing list