[gnutls-devel] GnuTLS | Inconsistent Certificate Chain Length Limits in GnuTLS Leading to Validation Failures (#1590)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Oct 13 05:16:18 CEST 2024
yao jia created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1590
## Description of the feature:
In GnuTLS version 3.8.7, the library limits the handling of certificate chains by restricting the total number of certificates rather than assessing the effective length of the chain. This approach can cause validation failures when a server includes additional certificates that, while not directly necessary for establishing a valid certificate path, may serve as cross-intermediate certificates providing alternative paths. 

As shown in the attached certificate chain [17certs_chain.pem](/uploads/7b207c8c6dd89067b980a1f135695e24/17certs_chain.pem), I configured a chain with 17 certificates. The valid certificate path could only be constructed using the first, second, and seventeenth certificates, with the others being irrelevant. This indicates that the actual effective length of the certificate path is merely 3. Nonetheless, the validation failed under these conditions.

![17invalid](/uploads/a3fb744a6f5e49d00e024b715f4dbf22/17invalid.png)

Interestingly, when I removed one irrelevant certificate — reducing the total number of certificates in the chain to 16 while maintaining the actual certificate path length at 3 — the validation succeeded.

![16valid](/uploads/9864737dc6bd0e6042556ed1f237c81a/16valid.png)

## Applications that this feature may be relevant to:
This feature is particularly relevant to secure data transmission applications, including web browsers, email clients, and any client-server applications that rely on TLS for secure communication. The issue may surface in environments where servers are configured with extensive certificate chains or intermediate certificates are plentiful, potentially leading to failure to establish secure connections.

## Is this feature implemented in other libraries (and which)
Other cryptographic libraries such as OpenSSL and MbedTLS handle certificate chains differently, often allowing more flexibility in the chain length by focusing on the effective length of the chain rather than the total count of certificates. This approach can accommodate a broader range of server configurations and is less likely to reject a valid certificate chain solely based on the number of certificates presented.

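The distinction the report draws, between the number of certificates a server sends and the number that actually lie on a path from the leaf to a trust anchor, can be made concrete with a small path-building model. The following is an added example, not GnuTLS code and not the reporter's material: it uses a toy certificate with only subject and issuer names, a constructed 17-certificate bundle shaped like the one described (leaf, intermediate, a cross-signed copy of the intermediate that leads to an untrusted retired root, a run of unrelated certificates, and the root last), and it compares a policy that counts the whole bundle against one that measures the shortest usable path. The limit of 16 is an assumption inferred from the reporter's observation that 17 fails and 16 succeeds; it is not taken from the GnuTLS source.

```python
from collections import defaultdict


class Cert:
    """Constructed stand-in for an X.509 certificate, keeping only the two
    name fields that path building needs (no signatures, no extensions)."""

    def __init__(self, subject, issuer):
        self.subject = subject
        self.issuer = issuer

    def __repr__(self):
        return f"Cert({self.subject!r} <- {self.issuer!r})"


def build_paths(leaf, bundle, trust_anchors):
    """Enumerate every chain leaf -> intermediates -> trust anchor that can be
    assembled from the presented bundle by following issuer names.
    Certificates that never appear on a path are simply never visited, so
    unrelated material in the bundle does not lengthen any path."""
    by_subject = defaultdict(list)
    for cert in bundle:
        by_subject[cert.subject].append(cert)
    anchors_by_subject = defaultdict(list)
    for anchor in trust_anchors:
        anchors_by_subject[anchor.subject].append(anchor)

    paths = []

    def walk(path, seen):
        current = path[-1]
        # A trust anchor whose subject matches the issuer closes the path.
        for anchor in anchors_by_subject.get(current.issuer, []):
            paths.append(path + [anchor])
        # Otherwise try each presented certificate that could have signed
        # `current`; there may be several when an intermediate is cross-signed,
        # and a dead end (untrusted root) just means that branch is abandoned.
        for candidate in by_subject.get(current.issuer, []):
            if candidate.subject in seen or candidate.subject == candidate.issuer:
                continue  # loop guard; self-signed certs in the bundle are not anchors
            walk(path + [candidate], seen | {candidate.subject})

    walk([leaf], {leaf.subject})
    return paths


def effective_chain_length(leaf, bundle, trust_anchors):
    """Length of the shortest valid path, leaf and anchor included, or None."""
    paths = build_paths(leaf, bundle, trust_anchors)
    return min(len(p) for p in paths) if paths else None


def accept_by_total_count(bundle, limit):
    """Policy keyed to bundle size: reject once the server sends more than `limit`."""
    return len(bundle) <= limit


def accept_by_effective_length(leaf, bundle, trust_anchors, limit):
    """Policy keyed to the certificates actually on the shortest valid path."""
    length = effective_chain_length(leaf, bundle, trust_anchors)
    return length is not None and length <= limit


# Constructed trust store: one self-signed root.
ROOT = Cert("Example Root CA", "Example Root CA")
TRUST_STORE = [ROOT]
ASSUMED_LIMIT = 16  # inferred from the report (17 rejected, 16 accepted)


def make_bundle(unrelated):
    """Constructed bundle in the order the report describes: leaf first,
    the real intermediate second, the root last, filler in between."""
    leaf = Cert("server.example", "Example Intermediate")
    inter = Cert("Example Intermediate", "Example Root CA")
    # Cross-signed copy of the intermediate issued by a retired root that is
    # not in the trust store: a legitimate alternative path that leads nowhere.
    cross = Cert("Example Intermediate", "Retired Root CA")
    junk = [Cert(f"unrelated-{i}", "Some Other CA") for i in range(unrelated)]
    return [leaf, inter, cross] + junk + [ROOT]


if __name__ == "__main__":
    for n in (13, 12):  # 17 and 16 certificates in total
        bundle = make_bundle(n)
        leaf = bundle[0]
        print(len(bundle), "presented;",
              "effective length", effective_chain_length(leaf, bundle, TRUST_STORE),
              "; by count:", accept_by_total_count(bundle, ASSUMED_LIMIT),
              "; by path:", accept_by_effective_length(leaf, bundle, TRUST_STORE, ASSUMED_LIMIT))
```

Running it shows the 17-certificate bundle rejected by the count-based policy but accepted by the path-based one, while both accept the 16-certificate bundle; in both cases the shortest path is leaf, intermediate, root, so the effective length stays at 3. The `seen` set and the self-signed check keep the walk terminating even when a bundle contains cross-signed loops, which is the case a real path builder must also guard against.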



