Are X.509 parsers supposed to check that the input is valid DER (as opposed to BER)? I haven't been able to find any implementation that does this. cc @BRIAN_____
-
-
Replying to @JethroGB
Both mozilla::pkix (C++) and webpki (Rust) do (try to), though they allow some exceptions (especially mozilla::pkix) for compatibility with existing certificates.
1 reply 0 retweets 0 likes -
Replying to @BRIAN_____
I checked the source of webpki and it doesn't look like it checks set ordering. I'll take another look at pkix
1 reply 0 retweets 0 likes -
Replying to @JethroGB @BRIAN_____
Well I guess webpki never parses distinguished names so maybe it doesn't need to.
2 replies 0 retweets 0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.