[gnutls-devel] GnuTLS | GnuTLS does not require the Key Usage extension in CA certificates during client certificate authentication. (#1031)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jun 11 15:16:59 CEST 2020

Immortalem created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1031

## Description of problem:
During client certificate authentication (tested in TLS 1.0 to 1.2), GnuTLS accepts certificate chains in which the intermediate CA certificate has no key usage extension. However, the specification for X.509 certificates, [RFC 5280](https://tools.ietf.org/html/rfc5280#section-), states regarding the Key Usage extension that "Conforming CAs MUST include this extension in certificates that contain public keys that are used to validate digital signatures on other public key certificates or CRLs.  When present, conforming CAs SHOULD mark this extension as critical."

I think that this constraint should be enforced by libraries through checking that the extension is present and contains the correct values.

## Version of gnutls used:
3.6.13, 3.6.14

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Compiled from source after cloning the respective branch from GitHub

## How reproducible:

Steps to Reproduce:

 * Start `gnutls-serv` with 
    - [ROOTv3_CAv3_LEAF_RSAv3__leaf_certificate1.pem](/uploads/220bbfd19bdf074125362a1b8227885b/ROOTv3_CAv3_LEAF_RSAv3__leaf_certificate1.pem) for `--x509certfile`
    - [rsakey_2.pem](/uploads/8d6df42f84649152d9ecd12ba17b944b/rsakey_2.pem) for `--x509keyfile`
    - [root.pem](/uploads/5539c2945e90e9be1bc0bdb53253fd31/root.pem) for `--x509cafile`
    - require client certificate `-r`
    - verify client certificate `--verify-client-cert`
 * Use OpenSSL `s_client` or similar tool to connect to the server using the following two certificates. This example uses OpenSSL.
    - `openssl s_client -connect localhost:4433 -cert ROOTv3_CAv3_NoKeyUsage_LEAF_RSAv3__leaf_certificate1.pem -key rsakey_2.pem -CAfile ROOTv3_CAv3_NoKeyUsage_LEAF_RSAv3__ca_certificate1.pem`
    - [ROOTv3_CAv3_NoKeyUsage_LEAF_RSAv3__leaf_certificate1.pem](/uploads/72b83e9d76b2e152571c1b3da1a69de0/ROOTv3_CAv3_NoKeyUsage_LEAF_RSAv3__leaf_certificate1.pem)
    - [ROOTv3_CAv3_NoKeyUsage_LEAF_RSAv3__ca_certificate1.pem](/uploads/a4e19e4cc801e03e4a6c8785d13c1a6f/ROOTv3_CAv3_NoKeyUsage_LEAF_RSAv3__ca_certificate1.pem)
    - [rsakey_2.pem](/uploads/8d6df42f84649152d9ecd12ba17b944b/rsakey_2.pem)

## Actual results:
GnuTLS accepts the certificate chain and proceeds with the handshake.

## Expected results:
GnuTLS should reject the certificate chain since the CA certificate is invalid. Consequently, the handshake should be aborted.
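
The check the report asks for, written out as an added example (not GnuTLS code and not part of the original issue): a standard-library DER walk that classifies a CA certificate by whether Key Usage is present, asserts keyCertSign, and is marked critical. The names `ca_key_usage_verdict`, `tlv` and `sample_ca` are hypothetical, and the sample certificates are constructed, unsigned skeletons rather than the files attached to the issue.

```python
KEY_USAGE_OID = bytes.fromhex("551d0f")          # DER content of OID 2.5.29.15 (id-ce-keyUsage)

def read_tlv(buf, pos=0):                        # -> (tag, content, next_pos) of one DER element
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

def ca_key_usage_verdict(cert_der):
    """Classify a CA certificate by its Key Usage extension only (no signature checks)."""
    _, cert, _ = read_tlv(cert_der)              # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert)                   # tbsCertificate SEQUENCE
    for tag, body in children(tbs):
        if tag != 0xA3:                          # [3] EXPLICIT Extensions
            continue
        _, exts, _ = read_tlv(body)
        for _, ext in children(exts):
            fields = list(children(ext))         # OID, optional BOOLEAN critical, OCTET STRING
            if fields[0][1] != KEY_USAGE_OID:
                continue
            critical = len(fields) == 3 and fields[1][1] != b"\x00"
            _, bits, _ = read_tlv(fields[-1][1]) # BIT STRING: unused-bit count, then flag bytes
            if len(bits) < 2 or not bits[1] & 0x04:      # bit 5 = keyCertSign
                return "reject: keyCertSign not asserted"
            return "accept" if critical else "accept: keyUsage not marked critical"
    return "reject: keyUsage extension missing"

def tlv(tag, *parts):                            # sample builder; short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_ca(key_usage=None, critical=True):
    """Constructed, unsigned certificate skeleton; name, key and signature fields are empty."""
    # Always carries basicConstraints (2.5.29.19, CA:TRUE), like a CA cert lacking only Key Usage.
    exts = [tlv(0x30, tlv(0x06, bytes.fromhex("551d13")), tlv(0x01, b"\xff"),
                tlv(0x04, tlv(0x30, tlv(0x01, b"\xff"))))]
    if key_usage is not None:
        flag = tlv(0x01, b"\xff") if critical else b""
        exts.append(tlv(0x30, tlv(0x06, KEY_USAGE_OID), flag, tlv(0x04, tlv(0x03, key_usage))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), *[tlv(0x30)] * 5,
              tlv(0xA3, tlv(0x30, *exts)))
    return tlv(0x30, tbs, tlv(0x30), tlv(0x03, b"\x00"))
```

`sample_ca()` with no arguments models the case in this report: a CA certificate that has basicConstraints but no Key Usage extension.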
