GNU bug report logs - #19404
25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane
Reported by: Dmitry Gutov <dgutov <at> yandex.ru>
Date: Thu, 18 Dec 2014 11:53:01 UTC
Severity: normal
Found in version 25.0.50
Done: Dmitry Gutov <dgutov <at> yandex.ru>
Bug is archived. No further changes may be made.
>>>>> David Engster <deng <at> randomsample.de> writes:
>>>>> Ivan Shmakov writes:
>>>>> David Engster <deng <at> randomsample.de> writes:
[…]
>>> So my guess would be: use gnutls_x509_crt_get_dn2 or maybe
>>> gnutls_x509_crt_get_subject and compare to
>>> gnutls_certificate_get_issuer. If equal -> self-signed. But that
>>> could be wrong. Best place is to ask on the GnuTLS list.
>> If anything, it’s the respective public key fingerprints that are to
>> be compared.
> Sorry, I don't get it. Which respective public key fingerprints?
> There's just one certificate.
Public key fingerprint is a property of, well, the public key, –
not the certificate.
But I stand corrected; as it seems, while OpenPGP signatures –
including those binding user IDs to public keys [1] – allow for
the signer (issuer) to be identified with a “key ID” (the low
64 bits SHA-1 of the respective public key’s fingerprint), X.509
certificates do not offer such an option (e. g., [2].)
So I guess we should indeed check the DNs.
[1] urn:ietf:rfc:4880, section 11.1 “Transferable Public Keys”.
[2] https://cipherious.wordpress.com/2013/05/13/constructing-an-x-509-certificate-using-asn-1/
--
FSF associate member #7257 np. The Talisman — Iron Maiden … B6A0 230E 334A
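The DN comparison the thread settles on, as an added example that is not part of the original message and is not Emacs or GnuTLS code: a minimal DER walk that pulls the issuer and subject Names out of a certificate and compares them byte for byte. The helpers `der`, `name` and `skeleton_cert` are hypothetical and only build a constructed certificate skeleton with a dummy key and signature. Matching DNs show the certificate is self-issued; confirming it is self-signed additionally requires verifying the signature against the certificate's own public key.

```python
# Added example, not Emacs or GnuTLS code: issuer/subject DN comparison on raw DER.
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def issuer_and_subject(cert_der):
    """Return the raw DER encodings of the issuer and subject Names."""
    _, start, _ = read_tlv(cert_der, 0)        # Certificate SEQUENCE
    _, pos, end = read_tlv(cert_der, start)    # TBSCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, value_end = read_tlv(cert_der, pos)
        fields.append((tag, cert_der[pos:value_end]))
        pos = value_end
    if fields[0][0] == 0xA0:                   # optional explicit [0] version
        fields = fields[1:]
    # Remaining order: serialNumber, signature, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def is_self_issued(cert_der):
    """True when issuer DN and subject DN are byte-for-byte identical."""
    issuer, subject = issuer_and_subject(cert_der)
    return issuer == subject

# Hypothetical helpers below build constructed sample input (dummy key and signature).
def der(tag, *parts):
    body = b"".join(parts)
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def name(cn):
    attr = der(0x30, der(0x06, b"\x55\x04\x03"), der(0x0C, cn.encode()))  # CN=<cn>
    return der(0x30, der(0x31, attr))

def skeleton_cert(issuer_cn, subject_cn):
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"), der(0x05))
    validity = der(0x30, der(0x17, b"140101000000Z"), der(0x17, b"150101000000Z"))
    spki = der(0x30, alg, der(0x03, b"\x00"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), alg,
              name(issuer_cn), validity, name(subject_cn), spki)
    return der(0x30, tbs, alg, der(0x03, b"\x00"))
```

The byte-for-byte comparison is stricter than the name matching in RFC 5280, which allows some normalization of string values before comparing.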
This bug report was last modified 10 years and 190 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.