[gnutls-devel] SSL certificate validation bugs in GnuTLS

Antoine Delignat-Lavaud antoine at delignat-lavaud.fr
Thu Feb 13 13:07:38 CET 2014

On 13/02/2014 09:04, Nikos Mavrogiannopoulos wrote:
> Publishing a paper in a conference isn't considered reporting. If
> you'd like to report something for gnutls, summarize it, and send it
> to the appropriate e-mail address or the mailing list. Providing a
> fix is even better.

Hi Nikos,

I was an intern at Microsoft at the time of writing, and was not allowed
to disclose the issue myself, or even look at the GPL GnuTLS code at
that time. That being said, it seems you answered our report (through
the Microsoft disclosure program) on September 13 last year, pointing us
to the following page:


where it says: "Limitation: Pathlen constraints or key usage flags are
not consulted." on gnutls_x509_trust_list_verify_crt().

Thus, we considered it was a known issue and went ahead with the 
publication. That being said, there is no doubt that X509 validation 
leaves much to be desired in GnuTLS and I am volunteering to write a 
patch to strengthen some of the checks.

On 13/02/2014 09:54, Suman Jana wrote:
> 1. GnuTLS ignores path length constraints for version <3.0. I think 
> it's a different bug than the one we described even though the result 
> is the same. We found the bug in GnuTLS 3.1.9 that (unlike older 
> versions) has code for parsing path length constraints but does not 
> enforce it correctly. Please see my earlier email to the gnutls-devel 
> mailing list for more details.

For newer versions we accepted Nikos' answer that the behavior is 
documented. We also reported the key usage issue, which is also 
documented on the page linked above. However, you are right that we 
didn't notice the issue with V1 certificates.


Antoine Delignat-Lavaud