[gnutls-devel] GnuTLS | Certificate Validation Differences (#1631)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Dec 19 09:39:55 CET 2024
dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1631
## Description of problem:
For the two certificates I provided, both contained the SKI extension, but the value was 0.
Both certificates failed the verification of OpenSSL, while the verification results of GnuTLS showed differences.
Cert1732784125104D1.pem passed the verification of GnuTLS, while Cert1732784125103D1.pem failed.
![image](/uploads/c93287e15534ca531c2bd8c25970b38b/image.png){width=368 height=84}
[Cert1732784125103D1.pem](/uploads/5351f8d3b3e4f1f4b96879ef9d9898a6/Cert1732784125103D1.pem)
[Cert1732784125104D1.pem](/uploads/7f5060c2693583a16f75c96fa8cd3d10/Cert1732784125104D1.pem)
[RootCA.pem](/uploads/a0a2ea07153e02b987bdc9746ff14303/RootCA.pem)
## Version of gnutls used:
gnutls-cli 3.7.3
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
## How reproducible:
Steps to Reproduce:
* one: `certtool --verify --load-ca-certificate RootCA.pem --infile Cert1732784125103D1.pem`
* two: `certtool --verify --load-ca-certificate RootCA.pem --infile Cert1732784125104D1.pem`
## Actual results:
Cert1732784125104D1.pem: Verified. The certificate is trusted.
Cert1732784125103D1.pem: Not verified. The certificate is NOT trusted.
## Expected results:
Cert1732784125104D1.pem: Not verified. The certificate is NOT trusted.