GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT breaks certificate verification

Nikos Mavrogiannopoulos nmav at
Tue Oct 30 14:17:49 CET 2012

On Tue, Oct 30, 2012 at 10:04 AM, Michal Suchanek <hramrach at> wrote:
> Hello,
> when this flag is set some certificates cannot be verified.
> sends a certificate chain laid out like
> S R I  where S is the server certificate, R is root certificate, and I
> is intermediate certificate which signs S and is signed by R. R is
> known CA.
> gnutls-cli version 2.8.6, 3.0.20 and 3.0.22 cannot verify the
> certificate. gnutls-cli version 3.1.3 can.
> Upgrading gnutls to 3.1 does not enable an application to verify
> certificate unless the code setting GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
> is disabled in the application.

The GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is a dangerous flag and you
shouldn't use it unless you really know the consequences. In short it
means that an end-user certificate may pretend to be a CA.

Now for the issue you see. It is because you do not set the flag
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. If you set this flag then unsorted
chains will be sorted prior to verification. The reason you see this
failure is because this flag is enabled by default on a credentials
structure, unless it is overridden by other flags as you do.


More information about the Gnutls-help mailing list