[gnutls-devel] GnuTLS | Certificate is considered as invalid if trust store contains CA cert with duplicating extensions (#1255)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Aug 18 11:52:57 CEST 2021

Daiki Ueno commented:

Thank you for the investigation, but I think it's an issue in the trust store setup; i.e., all the contained certs must be in a valid form (the dup-exts.pem is there only for the [negative test case](https://gitlab.com/gnutls/gnutls/-/blob/master/tests/cert-tests/x509-duplicate-ext.sh)).

Wouldn't it be possible to adjust the trust store not to include such certs (I'm not sure how it's done on macOS)?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1255#note_653811606
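One way to do the trust-store filtering suggested in the comment above, as an added example (it is not GnuTLS code and not from the thread): a standard-library Python DER walker that drops PEM certificates whose extension list repeats an OID, which RFC 5280 forbids. All function names and the script name in the usage comment are illustrative.

```python
import base64, re, sys  # added example, not GnuTLS code; names are illustrative
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):  # iterate the elements inside one constructed value
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def oid_str(raw):  # DER OID content bytes -> dotted string
    arcs, n = [], 0
    for byte in raw:  # base-128 digits, high bit set means more bytes follow
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(n); n = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def duplicate_extension_oids(der):  # dotted OIDs that appear more than once
    _, cs, ce = read_tlv(der, 0)             # Certificate
    _, ts, te = next(children(der, cs, ce))  # tbsCertificate
    seen, dups = set(), set()
    for tag, vs, ve in children(der, ts, te):
        if tag == 0xA3:                      # [3] EXPLICIT Extensions
            _, es, ee = read_tlv(der, vs)    # SEQUENCE OF Extension
            for _, xs, _end in children(der, es, ee):
                _, o1, o2 = read_tlv(der, xs)  # extnID is the first field
                oid = oid_str(der[o1:o2])
                (dups if oid in seen else seen).add(oid)
    return dups

def filter_bundle(pem_text):  # -> (kept PEM blocks, {rejected block: duplicate OIDs})
    kept, rejected = [], {}
    for m in PEM_RE.finditer(pem_text):
        dups = duplicate_extension_oids(base64.b64decode(m.group(1)))
        if dups: rejected[m.group(0)] = dups
        else: kept.append(m.group(0))
    return kept, rejected

if __name__ == "__main__":  # usage: python3 dedupe_store.py bundle.pem > clean.pem
    kept, rejected = filter_bundle(open(sys.argv[1]).read())
    print("\n".join(kept))
    print(f"dropped {len(rejected)} cert(s) with duplicate extensions", file=sys.stderr)
```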
