
MbedTLS accepts a certificate whose serial number is zero #10763

Description

@Jennifer-first

Summary

MbedTLS accepts a certificate whose serial number is zero. However, RFC 5280 states: "The serial number must be a positive integer assigned by the CA to each certificate." And erratum #3200 says: "The serial number MUST be a positive non-zero integer assigned by the CA to each certificate".

System information

MbedTLS version (number or commit id): 3.6.6
Operating system and version: Ubuntu 20.04.5 LTS
Configuration (if not default, please attach mbedtls_config.h): Mbed TLS 3.6.6 (Default configuration, no changes made to mbedtls_config.h)
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Compiled from the official source archive (mbedtls-3.6.6.tar.bz2) using GNU Make and GCC. Installed globally via sudo make install.
Additional environment information: Ubuntu Linux (running inside a VirtualBox virtual machine), x86_64 architecture.

Expected behavior

MbedTLS should reject the certificate.

Actual behavior

. Loading the CA root certificate ... ok (0 skipped)
. Loading the certificate(s) ... ok

Steps to reproduce

~/mbedtls-3.6.6/programs/x509/cert_app mode=file filename=seed.pem ca_file=ca.pem

test.zip
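As an added illustration (not code from the issue or from Mbed TLS), the check below applies the RFC 5280 serialNumber rules to the content octets of the INTEGER, which is what the real `mbedtls_x509_crt.serial` buffer holds after parsing; the `serial_check` / `serial_check_tlv` names and the `serial_status` codes are hypothetical, and the byte strings are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes for the check; names are chosen here and are not Mbed TLS API. */
enum serial_status {
    SERIAL_OK = 0,
    SERIAL_MALFORMED,   /* not a well-formed DER INTEGER TLV */
    SERIAL_EMPTY,       /* INTEGER with no content octets */
    SERIAL_NEGATIVE,    /* high bit set: two's-complement negative value */
    SERIAL_NONMINIMAL,  /* redundant leading 0x00 octet, not valid DER */
    SERIAL_ZERO,        /* value 0, forbidden by RFC 5280 read with erratum 3200 */
    SERIAL_TOO_LONG     /* value longer than 20 octets (RFC 5280 section 4.1.2.2) */
};

/* Check the content octets of a serialNumber INTEGER, i.e. the bytes that
 * mbedtls_x509_crt.serial.p / .len refer to once the certificate is parsed. */
enum serial_status serial_check(const unsigned char *p, size_t len)
{
    if (len == 0) return SERIAL_EMPTY;
    if (p[0] & 0x80) return SERIAL_NEGATIVE;
    /* DER allows a leading 0x00 only to stop the next octet reading as a sign bit. */
    if (len > 1 && p[0] == 0x00 && !(p[1] & 0x80)) return SERIAL_NONMINIMAL;
    /* After the minimality check, zero can only be the single octet 0x00. */
    if (len == 1 && p[0] == 0x00) return SERIAL_ZERO;
    /* The 20-octet limit applies to the value; a sign-padding 0x00 does not count. */
    if (len - (p[0] == 0x00 ? 1 : 0) > 20) return SERIAL_TOO_LONG;
    return SERIAL_OK;
}

/* Same check on a raw DER TLV (tag 0x02, short-form length), as found right
 * after the version field at the start of a TBSCertificate. */
enum serial_status serial_check_tlv(const unsigned char *tlv, size_t tlv_len)
{
    if (tlv_len < 2 || tlv[0] != 0x02 || (tlv[1] & 0x80) ||
        (size_t) tlv[1] + 2 != tlv_len) {
        return SERIAL_MALFORMED;
    }
    return serial_check(tlv + 2, tlv[1]);
}

int main(void)
{
    /* Constructed sample encodings, not taken from any real certificate. */
    const unsigned char zero[] = {0x02, 0x01, 0x00};       /* INTEGER 0, as in the report */
    const unsigned char good[] = {0x02, 0x02, 0x01, 0xF4}; /* INTEGER 500 */
    const unsigned char neg[]  = {0x02, 0x01, 0xFF};       /* INTEGER -1 */
    printf("zero: %d  good: %d  negative: %d\n", serial_check_tlv(zero, sizeof zero),
           serial_check_tlv(good, sizeof good), serial_check_tlv(neg, sizeof neg));
    return 0;
}
```

RFC 5280 section 4.1.2.2 also notes that non-conforming CAs may issue zero or negative serial numbers and that certificate users SHOULD be prepared to handle such certificates gracefully, so an application may choose to flag these results rather than hard-fail on every one.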

Labels: enhancement; good-first-issue (Good for newcomers); help-wanted (This issue is not being actively worked on, but PRs welcome.); priority-medium (Medium priority - this can be reviewed as time permits)