Re: [TLS] Verifying X.509 Certificate Chains out of order
Peter Gutmann wrote:
>
> Martin Rex <Martin.Rex at sap.com> writes:
>
> >Looking at the official protocol spec, the possibility to send an empty list
> >of certificate_authorities in the CertificateRequest message was introduced
> >as a purely optional feature with TLS v1.1. It was _NOT_ previously allowed
> >to send an empty list in the SSL v3 and TLS v1.0 specifications!
>
> Yes it is. The minimum length 3 can be used to encode a zero-length ASN.1
> SEQUENCE (using BER encoding), there's nothing there that says it has to
> contain anything. I've been sending this in my certRequest for, oh, about 10
> years now without running into any problems.
Looking at the TLS v1.0 spec again:
    opaque DistinguishedName<1..2^16-1>;

    struct {
        ClientCertificateType certificate_types<1..2^8-1>;
        DistinguishedName certificate_authorities<3..2^16-1>;
    } CertificateRequest;
Would a zero-length ASN.1 SEQUENCE not require that DistinguishedName
have a zero length?
TLS v1.1 added support for an empty list with this change:
    opaque DistinguishedName<1..2^16-1>;

    struct {
        ClientCertificateType certificate_types<1..2^8-1>;
        DistinguishedName certificate_authorities<0..2^16-1>;
    } CertificateRequest;
which allows certificate_authorities to be empty, but still requires
DistinguishedName to be non-empty (if sent).
(I admit I've never implemented SSL/TLS, so I'm not deeply intimate
with the actual code).
-Martin
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
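The two CertificateRequest definitions quoted in the thread, turned into a small bounds-checking parser as an added example (not code from the thread or from any TLS implementation). The version keys and the three sample messages are constructed for illustration; the parser shows that an empty certificate_authorities list passes the TLS 1.1 bound but not the TLS 1.0 one, while a list holding a single DistinguishedName that is an empty DER SEQUENCE passes both, because the DistinguishedName itself is still non-empty.

```python
# Added example: parse the body of a TLS CertificateRequest and enforce the
# vector bounds from the TLS 1.0 and TLS 1.1 definitions quoted above.

# Minimum byte length of certificate_authorities per version (from the thread).
CA_MIN_LEN = {"tls1.0": 3, "tls1.1": 0}


def _read_vector(buf, pos, len_bytes, lo, hi):
    """Read a TLS variable-length vector <lo..hi> with a len_bytes-wide prefix."""
    if pos + len_bytes > len(buf):
        raise ValueError("truncated length prefix")
    n = int.from_bytes(buf[pos:pos + len_bytes], "big")
    if not lo <= n <= hi:
        raise ValueError(f"vector length {n} outside <{lo}..{hi}>")
    pos += len_bytes
    if pos + n > len(buf):
        raise ValueError("vector runs past end of message")
    return buf[pos:pos + n], pos + n


def parse_certificate_request(body, version):
    """Return (certificate_types, [distinguished_name, ...]) or raise ValueError."""
    types, pos = _read_vector(body, 0, 1, 1, 2**8 - 1)
    ca_list, pos = _read_vector(body, pos, 2, CA_MIN_LEN[version], 2**16 - 1)
    if pos != len(body):
        raise ValueError("trailing bytes after certificate_authorities")
    names, p = [], 0
    while p < len(ca_list):
        # DistinguishedName<1..2^16-1>: every entry must carry at least one byte.
        dn, p = _read_vector(ca_list, p, 2, 1, 2**16 - 1)
        names.append(dn)
    return types, names


# Constructed sample bodies; certificate_types holds the single value 1.
TYPES = bytes([1, 1])
EMPTY_LIST = TYPES + b"\x00\x00"                            # no certificate_authorities at all
EMPTY_SEQ_DN = TYPES + b"\x00\x04" + b"\x00\x02" + b"\x30\x00"  # one DN = DER SEQUENCE {}
ZERO_LEN_DN = TYPES + b"\x00\x02" + b"\x00\x00"             # one DN with zero bytes


def accepts(body, version):
    """True if the body parses under the given version's bounds."""
    try:
        parse_certificate_request(body, version)
        return True
    except ValueError:
        return False
```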