<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<p class="details" style="font-style: italic; color: #777;">

<a href="https://gitlab.com/Immortalem">Immortalem</a> created an issue <a href="https://gitlab.com/gnutls/gnutls/-/issues/1029">#1029</a>:

</p>

<div></div>

<h2 dir="auto">

<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>

<p dir="auto">GnuTLS allows the client to present, in addition to a valid certificate chain, unrelated additional certificates in its certificate message during client authentication. While this is somewhat allowed in TLS 1.3 it's prohibited in prior versions.</p>

<h2 dir="auto">

<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>

<p dir="auto">3.6.13, 3.6.14</p>

<h2 dir="auto">

<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>

<p dir="auto">Compiled from source after cloning the respective branch from GitHub</p>

<h2 dir="auto">

<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>

<p dir="auto">Steps to Reproduce:</p>

<ul dir="auto">

<li>Start <code>gnutls-serv</code> with

<ul>

<li>

<a href="https://gitlab.com/gnutls/gnutls/uploads/b5997cc58cda614eaf0b63ee2e452756/ROOTv3_CAv3_LEAF_RSAv3__leaf_certificate1.pem" data-link="true" class="gfm">ROOTv3_CAv3_LEAF_RSAv3__leaf_certificate1.pem</a> for <code>--x509certfile</code>

</li>

<li>

<a href="https://gitlab.com/gnutls/gnutls/uploads/58a0617004be9d88309f2c490880c65e/rsakey_2.pem" data-link="true" class="gfm">rsakey_2.pem</a> for <code>--x509keyfile</code>

</li>

<li>

<a href="https://gitlab.com/gnutls/gnutls/uploads/93dc75c17eb4ef983c1f32b32b0ae699/root.pem" data-link="true" class="gfm">root.pem</a> for <code>--x509cafile</code>

</li>

<li>require client certificate <code>-r</code>

</li>

<li>verify client certificate <code>--verify-client-cert</code>

</li>

</ul>

</li>

</ul>

<p dir="auto">I am unaware of any currently public tool that allows one to add unrelated certificates in the certificate message during the TLS handshake. Hence I provide two wireshark traces which show a successful handshake, first with an additional certificate after the last intermediate CA certificate and second with an additional certificate between leaf and intermediate CA certificate. Additionally, I provide the certificates used in their order of occurence.</p>

<ul dir="auto">

<li>

<p>First trace <a href="https://gitlab.com/gnutls/gnutls/uploads/a0cfc1c6292ee7059d9f8c725f8377ac/AdditionalCertAfterChain.pcapng" data-link="true" class="gfm">AdditionalCertAfterChain.pcapng</a></p>

<ul>

<li><a href="https://gitlab.com/gnutls/gnutls/uploads/2993b988edaaeb5489a96b093849fea0/ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterChain__leaf_certificate1.pem" data-link="true" class="gfm">ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterChain__leaf_certificate1.pem</a></li>

<li><a href="https://gitlab.com/gnutls/gnutls/uploads/71c0a75d5058a32de59f886915e1960d/ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterChain__ca_certificate1.pem" data-link="true" class="gfm">ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterChain__ca_certificate1.pem</a></li>

<li><a href="https://gitlab.com/gnutls/gnutls/uploads/d2ff7599473ffe16b953202ce035a313/ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterChain__attacker_certificate.pem" data-link="true" class="gfm">ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterChain__attacker_certificate.pem</a></li>

</ul>

</li>

<li>

<p>Second trace <a href="https://gitlab.com/gnutls/gnutls/uploads/31070d7963feb5156d91052444f46fc4/AdditionalCertAfterLeaf.pcapng" data-link="true" class="gfm">AdditionalCertAfterLeaf.pcapng</a></p>

<ul>

<li><a href="https://gitlab.com/gnutls/gnutls/uploads/5b158c661d1564c4ead5ef45c396fd6c/ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterLeaf__leaf_certificate1.pem" data-link="true" class="gfm">ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterLeaf__leaf_certificate1.pem</a></li>

<li><a href="https://gitlab.com/gnutls/gnutls/uploads/39e081e44b919380efd5462e27b665b7/ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterLeaf__attacker_certificate.pem" data-link="true" class="gfm">ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterLeaf__attacker_certificate.pem</a></li>

<li><a href="https://gitlab.com/gnutls/gnutls/uploads/e2213f1de15b97dccef5864048bb11fa/ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterLeaf__ca_certificate1.pem" data-link="true" class="gfm">ROOTv3_CAv3_LEAF_RSAv3_AdditionalCertAfterLeaf__ca_certificate1.pem</a></li>

</ul>

</li>

</ul>

<p dir="auto">Key for the leaf certificate:</p>

<ul dir="auto">

<li><a href="https://gitlab.com/gnutls/gnutls/uploads/58a0617004be9d88309f2c490880c65e/rsakey_2.pem" data-link="true" class="gfm">rsakey_2.pem</a></li>

</ul>

<h2 dir="auto">

<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>

<p dir="auto">GnuTLS accepts the certificate chain, apparently ignoring the additional, unrelated certificate.</p>

<h2 dir="auto">

<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>

<p dir="auto">GnuTLS should reject the certificate chain in TLS 1.2 and prior.</p>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1029">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/-/sent_notifications/f5b67e5e8a8b1631016711885304f673/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1029"}}</script>

</p>

</div>

</body>

</html>