[gnutls-devel] SSL certificate validation bugs in GnuTLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Feb 13 10:14:21 CET 2014

On Thu, Feb 13, 2014 at 9:28 AM, Suman Jana <suman at cs.utexas.edu> wrote:
>  Hi Nikos,
>  Thanks for your response. Please find my inline comments.
>>> 2. Path length constraints in CA certs should be enforced. GnuTLS ignores
>>> Path length constraints.
>> Which version of gnutls did you use? GnuTLS supports path length
>> constraints for quite some time now.
>  We found the bug in GnuTLS 3.1.9. As you mentioned, GnuTLS 3.1.9 indeed
> parses
>  the path length constraints. However, it doesn't enforce them. During CA
> certificate
>  verification, the function "check_if_ca" is called from verify.c.
> "check_if_ca" is defined in
>  lib/x509/x509.c as follows -
>   The problem is that the pathlen value is never checked.

This is not the verification function. Pathlen constraints is
correctly checked on the verification function as far as I can tell,
and the test cases we include pass. I could be wrong though, but in
that case please provide a certificate chain that succeeds
verification whereas it should have failed.

>   While I do agree with you that name constraints are quite messy, I'll like
> to point
>   out that several other open source SSL libraries that we tested (e.g.,
> OpenSSL, PolarSSL,
>   ,NSS, Bouncy Castle) support them.

Do they support all the options for the name constraints or only the DNS?


More information about the Gnutls-devel mailing list