Big CA certificate bundle causes problems with GnuTLS 3.0.11

Nikos Mavrogiannopoulos n.mavrogiannopoulos at
Tue May 29 23:24:47 CEST 2012

On 05/29/2012 11:17 PM, Janne Snabb wrote:

> On 2012-05-30 03:37, Michal Suchanek wrote:
>> Now what I do not get is how a pile of CA certificates is fragmenting
>> the packets.
>> Sounds like a security hole. CA cert piles should be local to either
>> side, only one CA cert relevant for the session. Technically there can
>> be more than one cert in the trust chain but not pile of them.
> If the *server* chooses to trust a pile of CA's in the same way as web
> browsers (clients) typically do, this will happen, see:
> It also says:
> "If the certificate_authorities list is empty, then the client MAY send
> any certificate of the appropriate ClientCertificateType, unless there
> is some external arrangement to the contrary."
> ...which suggests that in cases like this it might be a good idea or at
> least acceptable *not* to put anything in the certificate_authorities
> list when the server sends the Certificate Request. It is unclear how
> various client side implementations implement the "MAY" part of the
> above RFC quote. Do they send a client certificate if the CA list is
> empty? Which one will they send if they have several?

Most send any certificate selected by the user.

> It feels like there should be a way in the GnuTLS API to define whether
> the list of trusted CAs is to be advertised in Certificate Request or
> not. (Maybe there is a way but I am missing it?)

There is. Check client certificate authentication at:


More information about the Gnutls-help mailing list