Joyanta Debnath
1. It allows empty DirectoryString (e.g., "") in Distinguished name structures of Issuer and Subject name. (RFC 5280 non-compliant) 2. You should not allow 0 (zero) as certificate serial number....
### Summary 1. It allows empty DirectoryString (e.g., "") in Distinguished name structures of Issuer and Subject name. (RFC 5280 non-compliant) 2. You should not allow 0 (zero) as certificate...
We tested the certificate chain validation logic of mbedTLS v2.25.0 using the cert_app application and found the following bugs. 1. (Now fixed by #7849) It allows empty DirectoryString (e.g., "") in Distinguished...
Based on X.690 DER restrictions (section 11.5), when encoding a set or sequence, any field that is equal to its default value shall not be included in the encoding. Nevertheless,...
Allows the presence of (version 3) extensions even if the certificate version is 1 or 2. Allow the presence of extensions even if the version is greater than 3. What...
This is a standard extension documented in RFC 5280, essential for hostname verification. When the Subject field contains an empty sequence, CAs can mark this extension as critical as well.
You should not allow 0 (zero) as certificate serial number. RFC 5280 says, "The serial number MUST be a positive integer assigned by the CA to each certificate...CAs MUST...
The library allows empty DirectoryString (e.g., "") in Distinguished name structures of Issuer and Subject name. (RFC 5280 non-compliant). Minimum length should be 1.