GnuTLS nameConstraints DNS/email matching is case-sensitive

Hi all,

There is a nameConstraints bypass in GnuTLS at commit in the comparison helper in lib/x509/name_constraints.c as the check is case-sensitive:

static enum name_constraint_relation
compare_strings(const void *n1, size_t n1_len, const void *n2, size_t n2_len)
{
    /* byte-exact comparison: 'B' (0x42) and 'b' (0x62) never compare equal */
    int r = memcmp(n1, n2, MIN(n1_len, n2_len));
    ...
}

That helper is used by both compare_dns_names() and compare_emails(), which in turn drive dnsname_matches() / email_matches() and the public gnutls_x509_name_constraints_check() logic used during certificate verification.

As a result, mixed-case DNS names and email domains can evade lowercase constraints. For example, an excluded subtree bad.example.com does not match Bad.Example.COM.

I wrote a minimal PoC. See attached.

The PoC performs two direct checks:

  1. Excluded DNS constraint bad.example.com versus Bad.Example.COM
  2. Excluded email-domain constraint bad.example.com versus User@Bad.Example.COM

Observed result:

dns excluded=bad.example.com probe=Bad.Example.COM result=1
email excluded=bad.example.com probe=User@Bad.Example.COM result=1

Both checks return nonzero, so both mixed-case names are accepted.

This is reachable on the normal verifier path because gnutls_x509_name_constraints_check_crt() iterates certificate SANs and calls gnutls_x509_name_constraints_check() for DNS and rfc822Name values.

Cheers, Josh

poc.c
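For reference, an ASCII case-insensitive matcher for one dNSName or rfc822Name nameConstraints entry, following the RFC 5280 matching rules (hostname labels compare without regard to case, the mailbox local-part does not). This is an added example, not GnuTLS code or the attached PoC; the names dns_in_subtree and email_in_subtree are assumed.

```c
/* Added example (not GnuTLS code): ASCII case-insensitive matching of a
 * dNSName / rfc822Name against one nameConstraints subtree entry (RFC 5280). */
#include <ctype.h>
#include <string.h>

/* Case-insensitive equality of two ASCII byte ranges of equal length. */
static int ascii_ieq(const char *a, const char *b, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* 1 if host equals suffix, or ends with it at a label boundary. */
static int host_in_subtree(const char *host, const char *suffix)
{
    size_t hl = strlen(host), sl = strlen(suffix);
    if (sl == 0 || hl < sl || !ascii_ieq(host + (hl - sl), suffix, sl))
        return 0;
    return hl == sl || host[hl - sl - 1] == '.';
}

/* dNSName constraint (RFC 5280 4.2.1.10): the constraint itself or any
 * name built by prepending labels to it matches, ignoring ASCII case. */
int dns_in_subtree(const char *name, const char *constraint)
{
    return host_in_subtree(name, constraint);
}

/* rfc822Name constraint: "user@host" names one mailbox (local-part is
 * case-sensitive, host is not), "host" covers every mailbox on that host,
 * ".domain" covers mailboxes below the domain but not on the host itself. */
int email_in_subtree(const char *email, const char *constraint)
{
    const char *at = strchr(email, '@'), *cat = strchr(constraint, '@');
    if (at == NULL)
        return 0;                           /* not a mailbox: no match */
    const char *host = at + 1;
    if (cat != NULL) {                      /* single-mailbox constraint */
        size_t ll = (size_t)(at - email);
        if (ll != (size_t)(cat - constraint) || memcmp(email, constraint, ll))
            return 0;
        return strlen(host) == strlen(cat + 1) && ascii_ieq(host, cat + 1, strlen(host));
    }
    if (constraint[0] == '.')               /* whole-domain constraint */
        return strlen(host) > strlen(constraint + 1) && host_in_subtree(host, constraint + 1);
    return strlen(host) == strlen(constraint) && ascii_ieq(host, constraint, strlen(host));
}
```

With this comparison both probes from the report fall inside the excluded subtree bad.example.com and would be rejected.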
