[gnutls-devel] [PATCH V3] Check for all error conditions when verifying a certificate

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Sep 17 13:12:08 CEST 2014

On Tue, Sep 16, 2014 at 8:02 PM, Armin Burgmeier <armin at arbur.net> wrote:
> This allows to check for all possible flaws with a certificate chain with a
> single call to gnutls_x509_crt_list_verify and friends.

I've noticed that this causes some discrepancies between
pkcs11-chainverify and chainverify in the verification. That is not
much of your concern of course as it is about the PKCS#11 module
verification and I'll handle it, but it uncovered the following issue:
The verification of a chain works like that:

To prevent a DoS (e.g. by a server or client that sends a list of 1000
certificates) it starts like (see _gnutls_verify_crt_status()):
1. verify: CA -> CA1
if (fail return status)

2. verify: CA1 -> CA2
if (fail return status)

3. verify: CA2 -> ENDCERT
if (fail return status)

So with your patch you'll get the status up to the point of first
failure. If the failure is in step 1 you'll get the full status for
CA->CA1 verification, but no flag will apply on ENDCERT. In your case
I think you verify against the scenario: CA -> ENDCERT, so you get
some reasonable flags. I don't know how reasonable these would be if
you are in a multiple CA scenario. Still it may make sense to do that
(in that case I should document that correctly), and I'm not sure
whether getting the flags of the 3 steps combined would offer much of
an advantage as they refer to multiple certificates. What do you think
of that? Is the current situation reasonable for your use case?


More information about the Gnutls-devel mailing list