GnuTLS allows version one and two certificates in TLS 1.2 during client authentication
Description of problem:
The specification for TLS 1.2 (RFC 5246) requires the usage of X.509v3 certificates for entity authentication. GnuTLS allows the usage of version one and two certificates.
Version of gnutls used:
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Compiled from source after cloning the respective branch from GitHub
Steps to Reproduce:
- Use OpenSSL
s_clientor similar tool to connect to the server using the following two certificates. This example uses OpenSSL.
For version one the certificates are:
GnuTLS accepts the certificates as valid and proceeds with the handshake.
GnuTLS should reject the certificates and abort the handshake.