[gnutls-devel] Incorrect implementation of path length constraints?

Kurt Roeckx kurt at roeckx.be
Wed Dec 9 23:29:21 CET 2015


When trying to connect to a website that has a pathlength
constraint I'm getting an error message while it works with
OpenSSL and NSS.  I think there might be a misinterpretation of
the pathlength constraint.  From rfc5280:

   The pathLenConstraint field is meaningful only if the cA boolean is
   asserted and the key usage extension, if present, asserts the
   keyCertSign bit (Section  In this case, it gives the
   maximum number of non-self-issued intermediate certificates that may
   follow this certificate in a valid certification path.  (Note: The
   last certificate in the certification path is not an intermediate
   certificate, and is not included in this limit.  Usually, the last
   certificate is an end entity certificate, but it can be a CA
   certificate.)  A pathLenConstraint of zero indicates that no non-
   self-issued intermediate CA certificates may follow in a valid
   certification path.  Where it appears, the pathLenConstraint field
   MUST be greater than or equal to zero.  Where pathLenConstraint does
   not appear, no limit is imposed.

I think GnuTLS currently doesn't allow the intermediate CA to sign
the end entity certificate when the length is set to 0.

A test site is www.abb.com.
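The quoted RFC text is easiest to check against the counting procedure in RFC 5280 section 6.1.4, where each non-self-issued intermediate consumes one unit of the remaining path length and the last certificate in the path is never processed by that step. The following is an added example, not GnuTLS code and not taken from the original post; it models certificates as small constructed records (no real X.509 parsing) and puts the correct count beside a hypothetical off-by-one reading that also counts the end-entity certificate, which is the kind of misinterpretation the report suspects. The chain shapes, names and the helper names are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Cert:
    """Minimal stand-in for an X.509 certificate (constructed, not parsed)."""
    subject: str
    issuer: str
    ca: bool = False
    path_len: Optional[int] = None  # pathLenConstraint; None means absent

    def self_issued(self) -> bool:
        # RFC 5280: a certificate is self-issued when issuer and subject match.
        return self.subject == self.issuer


def check_path_len(chain: List[Cert]) -> Optional[str]:
    """Apply the RFC 5280 6.1.4 path-length bookkeeping.

    `chain` is ordered trust anchor first, end entity last. Returns None when
    every pathLenConstraint is satisfied, otherwise a short reason string.
    """
    path = chain[1:]              # the trust anchor itself is not part of the path
    max_path_length = len(path)   # 6.1.2 initial value: n
    # 6.1.4 ("prepare for certificate i+1") runs for every certificate except
    # the last one, so the end entity never consumes path length.
    for cert in path[:-1]:
        if not cert.ca:
            return f"{cert.subject}: not a CA certificate"
        if not cert.self_issued():
            if max_path_length <= 0:
                return f"{cert.subject}: pathLenConstraint exceeded"
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len
    return None


def check_path_len_off_by_one(chain: List[Cert]) -> Optional[str]:
    """Hypothetical misreading: also charges the end-entity certificate
    against the limit. Shown only to illustrate the failure mode; this is
    not a claim about what GnuTLS actually does."""
    path = chain[1:]
    max_path_length = len(path)
    for cert in path:             # note: includes the last certificate
        if not cert.self_issued():
            if max_path_length <= 0:
                return f"{cert.subject}: pathLenConstraint exceeded"
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len
    return None


# Constructed sample chains (names are illustrative assumptions).
ROOT = Cert("Example Root", "Example Root", ca=True)
INTERMEDIATE = Cert("Example Issuing CA", "Example Root", ca=True, path_len=0)
LEAF = Cert("www.example.test", "Example Issuing CA")

# root -> intermediate(pathLen 0) -> end entity: valid per the RFC text.
CHAIN_OK = [ROOT, INTERMEDIATE, LEAF]

# root -> intermediate(pathLen 0) -> second intermediate -> end entity: invalid.
EXTRA_CA = Cert("Example Sub CA", "Example Issuing CA", ca=True)
LEAF2 = Cert("www.example.test", "Example Sub CA")
CHAIN_TOO_LONG = [ROOT, INTERMEDIATE, EXTRA_CA, LEAF2]

# A self-issued intermediate (e.g. key rollover) does not count against the limit.
ROLLOVER = Cert("Example Issuing CA", "Example Issuing CA", ca=True)
CHAIN_SELF_ISSUED = [ROOT, INTERMEDIATE, ROLLOVER, LEAF]


if __name__ == "__main__":
    for name, chain in [("ok", CHAIN_OK), ("too long", CHAIN_TOO_LONG),
                        ("self-issued", CHAIN_SELF_ISSUED)]:
        print(f"{name:12} rfc={check_path_len(chain)!r} "
              f"off_by_one={check_path_len_off_by_one(chain)!r}")
```

Running it shows the first and third chains accepted by the RFC procedure while the off-by-one variant rejects the ordinary root, pathLen 0 intermediate, end entity chain, which is the observable symptom the report describes.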

