On Fri, Jul 15, 2016 at 12:01 PM, Pierre Ossman <[email protected]> wrote: > Hi, > > I was looking at gnutls_x509_crt_get_dn() as a way to generate string > representations of DNs according to RFC4514. But there are two things that > strike me as being out of spec: > - The order of RDNs is wrong. GnuTLS outputs them first-to-last, but > RFC4514 states:
It seems you are right, indeed, the strings output by gnutls is first to last. Would you be interested in fixing that, or contribute a unit test for various encodings and their expected output string (similarly to tests/base64.c)? > - The oid list includes some things not in the IANA registry. E.g. > 1.3.6.1.4.1.311.60.2.1.3 and XmppAddr. Is that really an issue? > The oid list also seems a bit arbitrary, which could make interoperability a > bit annoying. :/ It is based on what we currently see in PKIX certificates. What kind of interoperability are you concerned of? regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
