[gnutls-devel] GnuTLS | Make gnutls compliant to RFC5280 (!1550)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Mar 15 17:47:47 CET 2022
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1550 was reviewed by Daiki Ueno
--
Daiki Ueno started a new discussion on lib/x509/x509.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1550#note_875677759
> +
> +/* Check whether serial number is RFC5280 compliant */
> +static int check_serial(gnutls_x509_crt_t cert)
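Review bot: the comment above `check_serial` does not state what the return value means, so with an `int` return a caller cannot tell whether 0 signals success (the usual GnuTLS error-code convention) or a non-compliant serial. Suggest spelling out the return contract in the comment and naming the rules being checked, for example the RFC 5280 section 4.1.2.2 requirements that the serial number be a positive integer of at most 20 octets.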
If this function returns 0 or 1, I'd suggest changing the return type to `unsigned` (or better, `bool`, given this is an internal function).
--
Daiki Ueno started a new discussion on lib/x509/x509.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1550#note_875677772
>
> + /* enforce upper bound on certificate version (RFC5280 compliant) */
> + if (version > 3) {
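Review bot: `if (version > 3)` bounds the version only from above, and its comment says "RFC5280 compliant" without a section reference. Suggest citing RFC 5280 section 4.1.2.1, which defines only v1, v2 and v3, in the comment, and adding a test certificate whose version is above 3 so the rejection path is exercised.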
Can this be merged into the `if` block below, or perhaps this block should be enclosed with `#ifdef STRICT_X509` ... `#endif`?
--
Daiki Ueno started a new discussion on lib/pkix.asn: https://gitlab.com/gnutls/gnutls/-/merge_requests/1550#note_875677779
> - -- so if it causes problems, considering dropping it. --
> - ia5String IA5String (SIZE(1..MAX)) }
> + bmpString BMPString (SIZE(1..MAX)) }
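Review bot: the removed lines take the old caveat comment with them, and the new `bmpString BMPString (SIZE(1..MAX))` alternative has no comment at all. Since a value encoded as IA5String will no longer match this alternative, suggest a one-line comment in the ASN.1 saying why it is now BMPString and which RFC 5280 definition it follows.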
I think it's worth mentioning this change in NEWS. Also you might need to adjust or remove the `userid` test (which seems to have moved to `tests/cert-tests/userid.sh`)?