[gnutls-devel] GnuTLS | Should a certificate with two SAN instances be rejected? (#872)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Dec 15 10:26:11 CET 2019

Nikos Mavrogiannopoulos commented:

> Hi, Nikos, thank you. I'm still confused by the binding mechanism here. Next shows another certificate (5009_2.pem), in which the subject is null and the subjectAltName extension is not present. Why can the certificate pass the path validation? Nothing should be bound to the subject public key. "Certification path processing verifies the binding between the subject distinguished name and/or subject alternative name and subject public key." (RFC5280, Sec. 6).

I think there is a misunderstanding here. gnutls does not have a strict path validation mechanism as described in RFC5280. It has a validation mechanism that works as follows:
 1. gnutls_certificate_verify_peers2: "are the signatures on the certificate valid?"
 2. gnutls_certificate_verify_peers3: "is this certificate trusted for this DNS name?"
 3. gnutls_certificate_verify_peers: a more advanced combination of these questions; e.g., is this certificate marked as server-only and trusted for this DNS name?

Thus for the certificate you are quoting it will pass (1) since the signatures are valid, but will not pass (2) where a name comparison is requested (for 3 the pass/not pass depends on whether the request includes name comparison).
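
Added example (not part of the original message and not GnuTLS code): a simplified C model of the two questions listed above, showing why a certificate with an empty subject and no subjectAltName is accepted when only signatures are checked and rejected once a host name is compared. The struct, the function names, the wildcard handling and the sample host names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not GnuTLS code: the names a hostname check consults. */
struct cert_names {
    const char *subject_cn;   /* NULL when the subject DN is empty */
    const char *san_dns[4];   /* NULL-terminated dNSName list; empty when no SAN */
};

/* Case-insensitive string equality. */
static int ieq(const char *a, const char *b) {
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b))
        a++, b++;
    return *a == '\0' && *b == '\0';
}

/* Match one certificate name; "*." stands for exactly one left-most label. */
static int dns_match(const char *pattern, const char *host) {
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && ieq(pattern + 1, dot);
    }
    return ieq(pattern, host);
}

/* Question 2: is the certificate issued for host? CN is used only without SAN. */
int name_matches(const struct cert_names *c, const char *host) {
    if (c->san_dns[0] == NULL)
        return c->subject_cn != NULL && dns_match(c->subject_cn, host);
    for (size_t i = 0; i < 4 && c->san_dns[i] != NULL; i++)
        if (dns_match(c->san_dns[i], host))
            return 1;
    return 0;
}

/* host == NULL models a signatures-only call: no name comparison is requested. */
int accept_peer(int signatures_valid, const struct cert_names *c, const char *host) {
    if (!signatures_valid)
        return 0;
    return host == NULL || name_matches(c, host);
}

int main(void) {
    struct cert_names empty = { NULL, { NULL } };  /* constructed: no subject, no SAN */
    printf("signatures only: %d\n", accept_peer(1, &empty, NULL));
    printf("with name check: %d\n", accept_peer(1, &empty, "www.example.org"));
    return 0;
}
```

A caller that wants the name binding has to request the comparison by supplying the expected host name; a signatures-only result says nothing about who the certificate was issued to.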
