[gnutls-devel] SSL certificate validation bugs in GnuTLS
Suman Jana
suman at cs.utexas.edu
Thu Feb 13 09:28:10 CET 2014
Hi Nikos,
Thanks for your response. Please find my inline comments.
>> 2. Path length constraints in CA certs should be enforced. GnuTLS ignores
>> Path length constraints.
> Which version of gnutls did you use? GnuTLS supports path length
> constraints for quite some time now.
We found the bug in GnuTLS 3.1.9. As you mentioned, GnuTLS 3.1.9
indeed parses
the path length constraints. However, it doesn't enforce them. During
CA certificate
verification, the function "check_if_ca" is called from verify.c.
"check_if_ca" is defined in
lib/x509/x509.c as follows -
int
gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int
*critical)
{
int pathlen;
unsigned int ca;
return gnutls_x509_crt_get_basic_constraints (cert, critical, &ca,
&pathlen);
}
The problem is that the pathlen value is never checked.
> GnuTLS will support name
> constraints when there is a reasonable profile defined. As it is now,
> the PKIX name constraints are a mess.
While I do agree with you that name constraints are quite messy, I'll
like to point
out that several other open source SSL libraries that we tested
(e.g., OpenSSL, PolarSSL,
,NSS, Bouncy Castle) support them.
Thanks,
Suman
More information about the Gnutls-devel
mailing list