[gnutls-devel] SSL certificate validation bugs in GnuTLS
suman at cs.utexas.edu
Thu Feb 13 10:26:58 CET 2014
>> We found the bug in GnuTLS 3.1.9. As you mentioned, GnuTLS 3.1.9 indeed
>> the path length constraints. However, it doesn't enforce them. During CA
>> verification, the function "check_if_ca" is called from verify.c.
>> "check_if_ca" is defined in
>> lib/x509/x509.c as follows -
>> The problem is that the pathlen value is never checked.
> This is not the verification function. Pathlen constraints are
> correctly checked on the verification function as far as I can tell,
> and the test cases we include pass. I could be wrong though, but in
> that case please provide a certificate chain that succeeds
> verification whereas it should have failed.
I don't have the test certificate chain right now. I'll check and
get back to you.
>> While I do agree with you that name constraints are quite messy, I'd like
>> to point out that several other open source SSL libraries that we tested
>> (e.g., OpenSSL, PolarSSL, NSS, Bouncy Castle) support them.
> Do they support all the options for the name constraints or only the DNS?
We tested with DNS and all of them seemed to support that.
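The two checks this thread argues about, pathLenConstraint enforcement during chain verification and dNSName name constraints, are small enough to show end to end. The following is an added example, not GnuTLS code and not the reporter's test material: it models certificates as plain Python objects (the `Cert` class and all sample chains are constructed here) and applies the RFC 5280 rules a verifier is expected to enforce. Real code would read these fields from parsed X.509 extensions, and a full verifier also checks signatures, validity periods, key usage and revocation, none of which is modelled here.

```python
# Added example: RFC 5280 path-length and DNS name-constraint checks over a
# simplified certificate model. Chains are ordered trust anchor -> ... -> leaf.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False                      # BasicConstraints.cA
    pathlen: Optional[int] = None            # BasicConstraints.pathLenConstraint
    permitted_dns: List[str] = field(default_factory=list)  # NameConstraints.permittedSubtrees (dNSName)
    excluded_dns: List[str] = field(default_factory=list)   # NameConstraints.excludedSubtrees (dNSName)
    dns_names: List[str] = field(default_factory=list)      # subjectAltName dNSName entries


def check_pathlen(chain: List[Cert]) -> Tuple[bool, str]:
    """RFC 5280 6.1.4 (l)/(m): every CA's pathLenConstraint bounds how many
    non-self-issued CA certificates may follow it in the path. The trust
    anchor itself is not part of the path being validated."""
    path = chain[1:]
    max_path = len(path)
    for i, cert in enumerate(path):
        if i == len(path) - 1:               # leaf: nothing further to prepare
            break
        if not cert.is_ca:
            return False, f"{cert.subject}: non-CA certificate used as an issuer"
        if cert.subject != cert.issuer:      # self-issued certs do not consume path length
            if max_path <= 0:
                return False, f"{cert.subject}: pathLenConstraint of an ancestor CA exceeded"
            max_path -= 1
        if cert.pathlen is not None and cert.pathlen < max_path:
            max_path = cert.pathlen
    return True, "ok"


def dns_in_subtree(name: str, base: str) -> bool:
    """RFC 5280 4.2.1.10: a dNSName satisfies a subtree 'host.example.com' if it
    equals it or adds zero or more labels on the left. Matching is case-insensitive."""
    name, base = name.lower().rstrip("."), base.lower().rstrip(".")
    return name == base or name.endswith("." + base)


def check_name_constraints(chain: List[Cert]) -> Tuple[bool, str]:
    """Every CA's constraints apply to all certificates below it: a name must lie
    in at least one permitted subtree (when any are given) and in no excluded one.
    Trust-anchor constraints are applied too, which the RFC leaves optional."""
    for i, ca in enumerate(chain[:-1]):
        for cert in chain[i + 1:]:
            for name in cert.dns_names:
                if ca.permitted_dns and not any(dns_in_subtree(name, b) for b in ca.permitted_dns):
                    return False, f"{name}: not within permitted subtrees of {ca.subject}"
                if any(dns_in_subtree(name, b) for b in ca.excluded_dns):
                    return False, f"{name}: within excluded subtrees of {ca.subject}"
    return True, "ok"


def verify_constraints(chain: List[Cert]) -> Tuple[bool, str]:
    """Issuer linkage, then path length, then name constraints; first failure wins."""
    for parent, child in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, f"{child.subject}: not issued by {parent.subject}"
    ok, why = check_pathlen(chain)
    if not ok:
        return ok, why
    return check_name_constraints(chain)


if __name__ == "__main__":
    # Constructed sample chains: an intermediate with pathLenConstraint=0 that
    # nevertheless issues another CA, and one carrying DNS name constraints.
    root = Cert("Root CA", "Root CA", is_ca=True)
    inter = Cert("Inter CA", "Root CA", is_ca=True, pathlen=0)
    sub = Cert("Sub CA", "Inter CA", is_ca=True)
    nc = Cert("NC CA", "Root CA", is_ca=True,
              permitted_dns=["example.com"], excluded_dns=["internal.example.com"])
    print(verify_constraints([root, inter, Cert("leaf", "Inter CA", dns_names=["www.example.com"])]))
    print(verify_constraints([root, inter, sub, Cert("leaf", "Sub CA", dns_names=["www.example.com"])]))
    print(verify_constraints([root, nc, Cert("leaf", "NC CA", dns_names=["www.example.net"])]))
    print(verify_constraints([root, nc, Cert("leaf", "NC CA", dns_names=["db.internal.example.com"])]))
```

The second chain is the shape of evidence the maintainer asked for above: a CA with pathLenConstraint=0 that has issued another CA, which a conforming verifier must reject even though every signature in the chain is valid.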