[gnutls-devel] SSL certificate validation bugs in GnuTLS

Suman Jana suman at cs.utexas.edu
Thu Feb 13 10:26:58 CET 2014

>>   We found the bug in GnuTLS 3.1.9. As you mentioned, GnuTLS 3.1.9 indeed
>> parses
>>   the path length constraints. However, it doesn't enforce them. During CA
>> certificate
>>   verification, the function "check_if_ca" is called from verify.c.
>> "check_if_ca" is defined in
>>   lib/x509/x509.c as follows -
> [...]
>>    The problem is that the pathlen value is never checked.
> This is not the verification function. Pathlen constraints is
> correctly checked on the verification function as far as I can tell,
> and the test cases we include pass. I could be wrong though, but in
> that case please provide a certificate chain that succeeds
> verification whereas it should have failed.
   I don't have the test certificate chain right now. I'll check and
   get back to you.

>>    While I do agree with you that name constraints are quite messy, I'll like
>> to point
>>    out that several other open source SSL libraries that we tested (e.g.,
>> OpenSSL, PolarSSL,
>>    ,NSS, Bouncy Castle) support them.
> Do they support all the options for the name constraints or only the DNS?
   We tested with DNS and all of them seemed to support that.


More information about the Gnutls-devel mailing list