gnutls_x509_crt_get_dn and gnutls_x509_rdn_get are not RFC4514 compliant
The order of RDNs is wrong. GnuTLS outputs them first-to-last, but RFC4514 states: "...the output consists of the string encodings of each RelativeDistinguishedName in the RDNSequence (according to Section 2.2), starting with the last element of the sequence and moving backwards toward the first."
The oid list includes some things not in the IANA registry. E.g. 188.8.131.52.4.1.3184.108.40.206.3 and XmppAddr.
See report at: http://article.gmane.org/gmane.network.gnutls.general/4147