[gnutls-devel] GnuTLS | RFC 5280 compliance:GeneralizedTime parser accepts incorrect time values. (#1702)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Apr 19 04:55:59 CEST 2025
One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1702
## Description of problem:
The RFC standard for X.509 CRL restricts the revocationDate field to only two formats: UTCTime (YYMMDDHHMMSSZ) in ASN.1 representation and GeneralizedTime (YYYYMMDDHHMMSSZ). However, GnuTLS 3.8.9 accepts the revocationDate field with a value like GeneralizedTime("201213122547Z") in the CRL.
## Version of gnutls used:
GnuTLS 3.8.9
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
## How reproducible:
certtool --crl-info --inder --infile crl_revoked_rev_date_gn_14.der
## Actual results:
The revocationDate value of the CRL is printed as "Revoked at: Wed Dec 31 23:59:59 UTC 1969".
## Expected results:
It should reject a CRL with a revocationDate field with a value like GeneralizedTime("201213122547Z").
[crl_revoked_rev_date_gn_14.der](/uploads/f7d4887476edd8974c0831cf6ca7e83b/crl_revoked_rev_date_gn_14.der)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1702
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250419/ef903566/attachment.html>
More information about the Gnutls-devel
mailing list