[gnutls-devel] SSL certificate validation bugs in GnuTLS

Suman Jana suman at cs.utexas.edu
Thu Feb 13 10:26:58 CET 2014


>>   We found the bug in GnuTLS 3.1.9. As you mentioned, GnuTLS 3.1.9 indeed
>> parses
>>   the path length constraints. However, it doesn't enforce them. During CA
>> certificate
>>   verification, the function "check_if_ca" is called from verify.c.
>> "check_if_ca" is defined in
>>   lib/x509/x509.c as follows -
> [...]
>>    The problem is that the pathlen value is never checked.
> This is not the verification function. Pathlen constraints is
> correctly checked on the verification function as far as I can tell,
> and the test cases we include pass. I could be wrong though, but in
> that case please provide a certificate chain that succeeds
> verification whereas it should have failed.
   I don't have the test certificate chain right now. I'll check and
   get back to you.

>>    While I do agree with you that name constraints are quite messy, I'll like
>> to point
>>    out that several other open source SSL libraries that we tested (e.g.,
>> OpenSSL, PolarSSL,
>>    ,NSS, Bouncy Castle) support them.
> Do they support all the options for the name constraints or only the DNS?
   We tested with DNS and all of them seemed to support that.

   Thanks,
   Suman



More information about the Gnutls-devel mailing list