[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [VOTE] Merge svn-auth-x509 branch to trunk?

From: Ben Reser <ben_at_reser.org>
Date: Sun, 10 Aug 2014 11:44:01 -0700

On 8/10/14 7:35 AM, Ben Reser wrote:
> There shouldn't be any such certificate that's valid (at least that's using the
> Internet profile for X.509). There are two places that the signature algorithm
> are specified in the certificate. First in the Certificate sequence and again
> in the TBSCertificate sequence. According to the X.509 RFC these MUST always
> be the same OID (see section 4.1.1.2 and 4.1.2.3 or RFC 5280).
>
> So yes I'd be interested in seeing the certificate.
>
> If there really are such certificates we can loosen this check since it's not
> really important to how we're using the X.509 parser right now.

Ivan sent me the certificate. This appears to be a bug in the X.509 parser.
Haven't worked out what yet though.
Received on 2014-08-10 20:44:33 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.