[gnutls-devel] SSL certificate validation bugs in GnuTLS
suman at cs.utexas.edu
Thu Feb 13 09:28:10 CET 2014
Thanks for your response. Please find my inline comments.
>> 2. Path length constraints in CA certs should be enforced. GnuTLS ignores
>> Path length constraints.
> Which version of gnutls did you use? GnuTLS supports path length
> constraints for quite some time now.
We found the bug in GnuTLS 3.1.9. As you mentioned, GnuTLS 3.1.9
the path length constraints. However, it doesn't enforce them. During
verification, the function "check_if_ca" is called from verify.c.
"check_if_ca" is defined in
lib/x509/x509.c as follows -
gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int
unsigned int ca;
return gnutls_x509_crt_get_basic_constraints (cert, critical, &ca,
The problem is that the pathlen value is never checked.
> GnuTLS will support name
> constraints when there is a reasonable profile defined. As it is now,
> the PKIX name constraints are a mess.
While I do agree with you that name constraints are quite messy, I'll
like to point
out that several other open source SSL libraries that we tested
(e.g., OpenSSL, PolarSSL,
,NSS, Bouncy Castle) support them.
More information about the Gnutls-devel