Re: [VOTE] Merge svn-auth-x509 branch to trunk?

From: Ben Reser <ben_at_reser.org>
Date: Sun, 10 Aug 2014 11:44:01 -0700

On 8/10/14 7:35 AM, Ben Reser wrote:
> There shouldn't be any such certificate that's valid (at least that's using the
> Internet profile for X.509). There are two places that the signature algorithm
> are specified in the certificate. First in the Certificate sequence and again
> in the TBSCertificate sequence. According to the X.509 RFC these MUST always
> be the same OID (see section 4.1.1.2 and 4.1.2.3 or RFC 5280).
>
> So yes I'd be interested in seeing the certificate.
>
> If there really are such certificates we can loosen this check since it's not
> really important to how we're using the X.509 parser right now.

Ivan sent me the certificate. This appears to be a bug in the X.509 parser.
Haven't worked out what yet though.
Received on 2014-08-10 20:44:33 CEST

This message: [ Message body ]
Next message: Stefan Sperling: "Re: Regression in bindings? 1.7/1.8 vs 1.6"
Previous message: Branko Čibej: "Re: svn commit: r1617108 - /subversion/branches/authzperf/subversion/libsvn_repos/authz.c"
In reply to: Ben Reser: "Re: [VOTE] Merge svn-auth-x509 branch to trunk?"
Next in thread: Ben Reser: "Re: [VOTE] Merge svn-auth-x509 branch to trunk?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]