[gnutls-devel] SSL certificate validation bugs in GnuTLS

Suman Jana suman at cs.utexas.edu
Fri Feb 14 11:15:57 CET 2014

Hi Nikos,

You are right. It turns out that for this bug we were using v 3.1.0
from - ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.0.tar.lz.
The source code listings I sent you were also from v 3.1.0.

I confirmed that the pathlen constraints are indeed being checked
correctly in v 3.1.9.

Sorry about the confusion. BTW, is it a known bug for v 3.1.0?


On 02/13/2014 01:20 AM, Nikos Mavrogiannopoulos wrote:
> On Thu, Feb 13, 2014 at 9:33 AM, Suman Jana <suman at cs.utexas.edu> wrote:
>>   Sorry, one small correction. The "check_if_ca" function is actually defined
>> in lib/x509/verify.c
>>   and it calls "gnutls_x509_crt_get_ca_status".
> This is the place it is being used:
> https://www.gitorious.org/gnutls/gnutls/source/adab89f5c854ff0ac01e6db631df1eac86f1829f:lib/x509/verify.c#L189
> Maybe you tried with an older version?
> regards,
> Nikos

More information about the Gnutls-devel mailing list