mbedtls icon indicating copy to clipboard operation
mbedtls copied to clipboard

Published 20 hours ago verified publisher icon Mbed-TLS

Non-compliance with RFC-5280 (X.509 Certificate Standard Specification)

Open joyantaDebnath opened this issue 3 years ago • 2 comments

We tested certificate chain validation logic of mbedTLS v2.25.0 using the cert_app application and found following bugs.

  1. (Now fixed by #7849) It allows empty DirectoryString (e.g., "") in Distinguished name structures of Issuer and Subject name. (RFC 5280 non-compliant)
  2. It does not prohibit deprecated IA5String in DirectoryString. (RFC 5280 non-compliant)
  3. It allows unnecessary bits in Key Usage Extension. These bits do not represent any standard certificate purpose. (RFC 5280 non-compliant)
  4. You should not allow 0 (zero) as certificate serial number. RFC 5280 says, “The serial number MUST be a positive integer assigned by the CA to each certificate...CAs MUST force the serial Number to be a non-negative integer...Non-conforming CAs may issue certificates with serial numbers that are negative or zero. Certificate users SHOULD be prepared to gracefully handle such certificates.”

joyantaDebnath avatar Jul 12 '21 02:07 joyantaDebnath

Issue (1) was fixed by #7849, which ensures that the DN contains at least 1 AttributeType=AttributeValue pair.

davidhorstmann-arm avatar Aug 14 '23 14:08 davidhorstmann-arm

It does not look like issue (1) is fixed properly. Do you reject the certificate when the value of common name (for example) attribute in RDN is an empty string ("")?

joyantaDebnath avatar Apr 24 '24 21:04 joyantaDebnath