[gnutls-devel] GnuTLS | The Extended Key Usage extension should be invalid (#1624)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Dec 7 10:24:51 CET 2024



dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1624



## Description of problem:
The definition of the Extended Key Usage extension is as follows:

```
id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
KeyPurposeId ::= OBJECT IDENTIFIER
```

ASN.1 specifies that tag 06 represents an OID.
I provided a test case where the enhanced key usage is displayed in non-OID content (not an OID tag), which should be invalid.
Golang determined it as follows: invalid certificate policies, but gnutls doesn't think so.
![image](/uploads/3ee676aba920188b89f3ed84a25ff879/image.png)

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:

Steps to Reproduce:

 * one gnutls_x509_crt_import(Cert.der) [Cert.zip](/uploads/71920dd9a11c8695b98bef8cc7ac1e50/Cert.zip)

## Actual results:
Complete

## Expected results:
invalid extended key usages

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1624
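
An added example, not code from GnuTLS or from the issue: a strict DER check of an extension value against the `ExtKeyUsageSyntax` definition quoted in the report, accepting only a non-empty SEQUENCE whose elements all carry tag 06. The function names, status codes and byte arrays are constructed for illustration and are not the attached Cert.der.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum eku_status { EKU_OK, EKU_BAD_DER, EKU_NOT_SEQUENCE, EKU_EMPTY, EKU_NOT_OID, EKU_BAD_OID };

/* Parse one DER tag/length header; reject indefinite, non-minimal or overlong lengths. */
static int der_header(const uint8_t *p, size_t n, uint8_t *tag, size_t *hdr, size_t *len)
{
    if (n < 2) return -1;
    *tag = p[0]; *hdr = 2; *len = p[1];
    if (p[1] & 0x80) {                        /* long-form length */
        size_t nb = p[1] & 0x7f, i;
        if (nb == 0 || nb > sizeof(size_t) || n < 2 + nb || p[2] == 0) return -1;
        for (*len = 0, i = 0; i < nb; i++) *len = (*len << 8) | p[2 + i];
        if (*len < 0x80) return -1;           /* short form was required */
        *hdr = 2 + nb;
    }
    return (*len <= n - *hdr) ? 0 : -1;       /* content must fit in the buffer */
}

/* Validate the extension value: SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER. */
enum eku_status eku_check(const uint8_t *der, size_t n)
{
    uint8_t tag; size_t hdr, len, count = 0;
    if (der_header(der, n, &tag, &hdr, &len) != 0) return EKU_BAD_DER;
    if (tag != 0x30) return EKU_NOT_SEQUENCE;
    if (hdr + len != n) return EKU_BAD_DER;   /* no trailing bytes allowed */
    der += hdr; n = len;
    while (n > 0) {
        if (der_header(der, n, &tag, &hdr, &len) != 0) return EKU_BAD_DER;
        if (tag != 0x06) return EKU_NOT_OID;  /* the case the issue reports */
        /* an OID is non-empty and its last byte ends a sub-identifier */
        if (len == 0 || (der[hdr + len - 1] & 0x80)) return EKU_BAD_OID;
        der += hdr + len; n -= hdr + len; count++;
    }
    return count ? EKU_OK : EKU_EMPTY;
}

/* Constructed samples: serverAuth OID, same bytes under a UTF8String tag, empty list. */
static const uint8_t eku_good[]  = {0x30,0x0a, 0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x01};
static const uint8_t eku_utf8[]  = {0x30,0x0a, 0x0c,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x01};
static const uint8_t eku_empty[] = {0x30,0x00};

int main(void)
{
    printf("good=%d utf8=%d empty=%d\n", eku_check(eku_good, sizeof eku_good),
           eku_check(eku_utf8, sizeof eku_utf8), eku_check(eku_empty, sizeof eku_empty));
    return 0;
}
```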