Summary
MbedTLS accepts a cert which has no subjectAltName and an empty subject.
Section 4.1.2.6 Subject of RFC 5280 mentions that the subject name MAY be carried in the subject field and/or the subjectAltName extension.
System information
Mbed TLS version (number or commit id): 3.6.6
Operating system and version: Ubuntu 20.04.5 LTS
Configuration (if not default, please attach mbedtls_config.h): Mbed TLS 3.6.6 (Default configuration, no changes made to mbedtls_config.h)
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Compiled from the official source archive (mbedtls-3.6.6.tar.bz2) using GNU Make and GCC. Installed globally via sudo make install.
Additional environment information: Ubuntu Linux (running inside a VirtualBox virtual machine), x86_64 architecture.
Expected behavior
MbedTLS should be rejected.
Actual behavior
. Loading the CA root certificate ... ok (0 skipped)
. Loading the certificate(s) ... ok
Steps to reproduce
~/mbedtls-3.6.6/programs/x509/cert_app mode=file filename=seed.pem ca_file=ca.pem
cert.zip
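
The condition this report describes (empty subject, no subjectAltName) can be checked on the raw DER before a certificate is handed to any X.509 library. This is an added example, not code from the issue or from Mbed TLS; `der_next`, `cert_has_identity` and both byte arrays are constructed for illustration, and the arrays are structural skeletons with placeholder fields, not verifiable certificates.

```c
#include <string.h>

/* Parse one DER element at *p: return its tag, set *val/*len to its value, advance *p past it; -1 if malformed. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    const unsigned char **val, size_t *len) {
    const unsigned char *q = *p;
    size_t tag, n, cnt;
    if (end - q < 2) return -1;
    tag = q[0]; n = q[1]; q += 2;
    if (n & 0x80) {                           /* long form: 1 or 2 length bytes follow */
        cnt = n & 0x7f;
        if (cnt == 0 || cnt > 2 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;
    *val = q; *len = n; *p = q + n;
    return (int)tag;
}

/* 1: subject or subjectAltName present; 0: empty subject and no SAN; -1: parse error. */
int cert_has_identity(const unsigned char *der, size_t der_len) {
    const unsigned char *p = der, *end = der + der_len, *v;
    size_t n;
    int tag = 0, i, seqs = 0;
    for (i = 0; i < 2; i++) {                 /* descend into Certificate, then TBSCertificate */
        if (der_next(&p, end, &v, &n) != 0x30) return -1;
        p = v; end = v + n;
    }
    while (p < end && tag != 0xa3) {          /* walk TBSCertificate fields up to [3] extensions */
        if ((tag = der_next(&p, end, &v, &n)) < 0) return -1;
        if (tag == 0x30 && ++seqs == 4 && n != 0) return 1;   /* 4th SEQUENCE is subject */
    }
    if (seqs < 4) return -1;                  /* TBSCertificate ended before subject */
    if (tag != 0xa3) return 0;                /* empty subject and no extensions at all */
    p = v; end = v + n;
    if (der_next(&p, end, &v, &n) != 0x30) return -1;         /* Extensions SEQUENCE */
    for (p = v, end = v + n; p < end; ) {
        if (der_next(&p, end, &v, &n) != 0x30) return -1;     /* one Extension */
        if (n >= 5 && memcmp(v, "\x06\x03\x55\x1d\x11", 5) == 0) return 1;  /* OID 2.5.29.17 */
    }
    return 0;
}

/* Constructed skeletons: empty subject without extensions, then the same with a SAN (dNSName "a"). */
static const unsigned char NO_SAN[] = { 0x30,0x19, 0x30,0x12, 0xa0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01,
    0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x03,0x01,0x00 };
static const unsigned char WITH_SAN[] = { 0x30,0x2b, 0x30,0x24, 0xa0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01,
    0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0xa3,0x10, 0x30,0x0e, 0x30,0x0c,
    0x06,0x03,0x55,0x1d,0x11, 0x04,0x05,0x30,0x03,0x82,0x01,0x61, 0x30,0x00, 0x03,0x01,0x00 };
```

A return value of 0 marks the case from this report; the check does not look at the extension's critical flag or validate anything else about the certificate.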