What makes a certificate invalid?

lfinsto at gwdg.de lfinsto at gwdg.de
Fri Dec 11 09:25:50 CET 2009 

From: 	Shanishchara, Kunal
 	What makes a certificate invalid?
Date: 	Thu, 10 Dec 2009 18:55:42 -0500

>> During a TLS handshake, if the Common name parameter does not match
>> between the client and server, is the handshake suppose to fail?

According to my understanding of how it works, the handshake takes place
before certificate verification.  If verification fails, an application
can break off the connection (but doesn't have to).


On Fri, December 11, 2009 1:49 am, Daniel Kahn Gillmor wrote:

> On 12/10/2009 06:55 PM, Shanishchara, Kunal wrote:
>> What makes a certificate invalid?
>
> There are many things that could make one side of a TLS connection
> consider the other side's certificate invalid.  For example, the
> certificate offered by the remote party could:
>

[...]

>
>> During a TLS handshake, if the Common name parameter does not match
>> between the client and server, is the handshake suppose to fail?
>
> If the certificate presented by the other side of the communication
> doesn't match who you think you should be talking to, why would you go
> on talking to them?  The reason the handshake should fail at that point
> is because *no secure communications link has been established*.
>

Verification might fail for any number of reasons, as Daniel describes.
In the application I'm working on, the signer might not be a CA if it's a
proxy certificate.  "Verification failing" means that
`gnutls_x509_crt_verify' sets the `GNUTLS_CERT_INVALID' bit in its
`unsigned int * VERIFY' argument.  Fortunately, it's possible to check the
other bits to find out exactly why verification "failed".  Here's an
example (taken from the manual and adapted slightly):

  gnutls_x509_crt_verify (crt, &issuer, 1, 0, &output);

  if (output & GNUTLS_CERT_INVALID)
    {
      if (output & GNUTLS_CERT_SIGNER_NOT_FOUND)
      {
        fprintf (stderr, "Not trusted");
        fprintf (stderr, ": no issuer was found");
      }

      if (output & GNUTLS_CERT_SIGNER_NOT_CA)
      {
        fprintf (stderr, "Trusted");
        fprintf (stderr, ": issuer is not a CA\n");
        fprintf (stderr, "This isn't so important, the previous
certificate might be a proxy.");
      }
      fprintf (stderr, "\n");
    }
  else
    fprintf (stderr, "Trusted\n");


In my application, I'm not sure that I want to require that the server
"know" the owner of the client's certificate.  Nor am I sure whether
`gnutls_x509_crt_verify' tests this --- I'd have to check.  I think it
should suffice that the certificate is valid and the CA is trusted,
however I haven't thought this through completely.

At any rate, `gnutls_x509_crt_verify' doesn't `abort' or `exit' if it
"fails", so the application can decide how to proceed itself, so to speak.


Laurence


-------------------------------------------------------------
Laurence Finston
Gesellschaft fuer wissenschaftliche Datenverarbeitung mbH
Am Fassberg 11
37077 Goettingen

Telefon: 	+49 551 201-1882
E-Mail: 	lfinsto at gwdg.de

More information about the Gnutls-help mailing list