[gnutls-devel] SSL certificate validation bugs in GnuTLS
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Feb 13 10:14:21 CET 2014
On Thu, Feb 13, 2014 at 9:28 AM, Suman Jana <suman at cs.utexas.edu> wrote:
> Hi Nikos,
> Thanks for your response. Please find my inline comments.
>>> 2. Path length constraints in CA certs should be enforced. GnuTLS ignores
>>> Path length constraints.
>> Which version of gnutls did you use? GnuTLS supports path length
>> constraints for quite some time now.
> We found the bug in GnuTLS 3.1.9. As you mentioned, GnuTLS 3.1.9 indeed
> parses
> the path length constraints. However, it doesn't enforce them. During CA
> certificate
> verification, the function "check_if_ca" is called from verify.c.
> "check_if_ca" is defined in
> lib/x509/x509.c as follows -
[...]
> The problem is that the pathlen value is never checked.
This is not the verification function. Pathlen constraints is
correctly checked on the verification function as far as I can tell,
and the test cases we include pass. I could be wrong though, but in
that case please provide a certificate chain that succeeds
verification whereas it should have failed.
> While I do agree with you that name constraints are quite messy, I'll like
> to point
> out that several other open source SSL libraries that we tested (e.g.,
> OpenSSL, PolarSSL,
> ,NSS, Bouncy Castle) support them.
Do they support all the options for the name constraints or only the DNS?
regards,
Nikos
More information about the Gnutls-devel
mailing list