x509: reject certificates having duplicate extensions

Review changes
Download
Patches
Plain diff

Nikos Mavrogiannopoulos requested to merge nmav/gnutls:tmp-check-dup-extensions into master Dec 29, 2019

Overview 1
Commits 3
Pipelines 5
Changes 9

According to RFC5280 a certificate must not include more than one instance of a particular extension. We were previously printing warnings when such extensions were found, but that is insufficient to flag such certificates. Instead, refuse to import them.

Checklist

Commits have Signed-off-by: with name/author being identical to the commit author
Code modified for feature
Test suite updated with functionality tests
Test suite updated with negative tests
Documentation updated / NEWS entry present (for non-trivial changes)
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

Reviewer's checklist:

Any issues marked for closing are addressed
There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Edited Jan 08, 2020 by Dmitry Baryshkov

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking