[gnutls-devel] GnuTLS | Read Certificate Transparency (RFC 6962) SCT extension (!1367)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Mar 20 17:41:02 CET 2021
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1367 was reviewed by Daiki Ueno
--
Daiki Ueno started a new discussion on lib/x509/output.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1367#note_534043860
>
> print_aia(str, der);
> + } else if (strcmp(oid, "1.3.6.1.4.1.11129.2.4.2") == 0) {
What about using `GNUTLS_X509EXT_OID_CT_SCT`?
--
Daiki Ueno started a new discussion on lib/x509/x509_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1367#note_534043862
> + * and return them as a gnutls_sign_algorithm_t enum value.
> + */
> + if (length <= 2) {
Use `<`.
--
Daiki Ueno started a new discussion on lib/x509/x509_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1367#note_534043863
> + return gnutls_assert_val(retval);
> +
> + length = _gnutls_read_uint16(scts_content.data);
Check `scts_content.size >= 2`.
--
Daiki Ueno started a new discussion on lib/x509/x509_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1367#note_534043864
> + while (length > 0) {
> + sct_length = _gnutls_read_uint16(ptr);
> + if (sct_length == 0 || sct_length > length)
I think `sct_length == 0` indicates the end of data, while `sct_length > length` seems to be an error. Maybe better handle them separately?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1367
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210320/378179f0/attachment.html>
More information about the Gnutls-devel
mailing list