[gnutls-devel] GnuTLS | RFC 5280 compliance:GnuTLS parsed a CRL file with the authorityCertSerialNumber set to 0. (#1692)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Apr 9 16:37:18 CEST 2025
One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1692
## Description of problem:
Hello Developer:
I have a CRL file where the authorityCertSerialNumber field in the AKI extension is set to 0. GnuTLS successfully parsed the authorityCertSerialNumber field without any errors. However, according to RFC5280, the authorityCertSerialNumber field stores the certificate serial number, which must be a positive integer.So, is this a bug?
## Version of gnutls used:
GnuTLS 3.8.9
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
## How reproducible:
certtool --crl-info --inder --infile crl_aki_serial_0.der
## Actual results:
The Gnutls successfully printed this CRL
## Expected results:
Test Case:
[crl_aki_serial_0.der](/uploads/b498301c5ad585a8f570bbe3a3056648/crl_aki_serial_0.der)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1692
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250409/688c740b/attachment.html>
More information about the Gnutls-devel
mailing list