[gnutls-devel] GnuTLS | Should a certificate with two SAN instances be rejected? (#872)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sun Dec 15 10:26:11 CET 2019
Nikos Mavrogiannopoulos commented:
> Hi, Nikos,thank you. I'm still confused by the binding mechanism here. Next shows another certificate (5009_2.pem), in which the subject is null and the sujectAltName extension is not present. Why can the certificate pass the path validation?---Nothing should be bound to the subject public key."Certification path processing verifies the binding between the subject distinguished name and/or subject alternative name and subject public key." (RFC5280, Sec. 6).
I think there is a misunderstanding here. gnutls does not have a strict path validation mechanism as described in RFC5280. It has a validation mechanism that works as:
1. gnutls_certificate_verify_peers2: "are the signatures on the certificate valid"
2. gnutls_certificate_verify_peers3: "is this certificate trusted for this DNS name"?
3. gnutls_certificate_verify_peers: a more advanced combination of these questions; e.g., is this certificate marked as server-only and trusted for this DNS name?
Thus for the certificate you are quoting it will pass (1) since the signatures are valid, but will not pass (2) where a name comparison is requested (for 3 the pass/not pass depends on whether the request includes name comparison).
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/872#note_260437386
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel