
Server certificate hostname validation implementation not working when SAN without DNS, IP, URI is present. #10095

@mman

Summary

I am using custom certificates with CN=hostname and one additional properly tagged SAN (rfc822Name). The new hostname verification configured via mbedtls_ssl_set_hostname fails for such certificates.

System information

Mbed TLS version (number or commit id): 3.6.3

Expected behavior

I am not an expert on x509, but I assume a certificate with properly formatted subject with CN=hostname and SAN without additional DNS name or IP address should validate.

Actual behavior

Validation of server certificate fails when it contains properly defined CN=hostname in subject, and contains additional SANs, none of which are IP, DNS, or URI.

Additional information

The actual validation of cert and hostname happens here:

ret = mbedtls_x509_crt_verify_restartable(

When presence of SANs is detected, the check ignores subject CN entirely, and examines the SANs only.

mbedtls/library/x509_crt.c, lines 2960 to 2972 in 6bf29fd:

```c
/* If the SAN extension is present, only the SANs are consulted and the
 * subject CN is never examined. */
if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
    if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) {
        return;
    }
} else {
    /* No SAN extension: fall back to the CN attribute(s) of the subject. */
    for (name = &crt->subject; name != NULL; name = name->next) {
        if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
            x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
            return;
        }
    }
}
```

And when SANs are analyzed, only the IP, DNS, and URI tags are examined. Presence of none is indicated as an error and the certificate is flagged as untrusted.

mbedtls/library/x509_crt.c, lines 2920 to 2930 in 6bf29fd:

```c
/* Inside the loop over the SAN sequence: a dNSName is matched directly,
 * iPAddress and URI entries are only flagged for a later pass, and every
 * other SAN type (e.g. rfc822Name) falls through untouched. */
case MBEDTLS_X509_SAN_DNS_NAME:
    if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) {
        return 0;
    }
    break;
case MBEDTLS_X509_SAN_IP_ADDRESS:
    san_ip = 1;
    break;
case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
    san_uri = 1;
    break;
```

Suggested fix

Unless I am missing something from the X509 standard, which I may of course, I believe that subject CN should be validated in addition to any additional DNS, IP, or URI SANs... and result presented when any of these pass.
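The two decision rules at stake in this issue, as an added runnable model that is not Mbed TLS code: `verify_current` reproduces the shape of the quoted logic (SAN extension present means SANs only, and only DNS, IP and URI entries count), while `verify_cn_fallback` consults the subject CN when the SAN extension carries no DNS, IP or URI identifier at all. That fallback is narrower than the suggestion above of always checking CN as well; it is the form RFC 6125 section 6.4.4 permits, since CN-ID must not be used once a DNS-ID, URI-ID or similar identifier is presented. The `cert_model` and `san_entry` types, the fixtures, and the simplified IP/URI string comparison are all constructed for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the name fields the quoted check looks at.
 * These are not Mbed TLS types; they only make the decision logic runnable. */
typedef enum { SAN_DNS, SAN_IP, SAN_URI, SAN_RFC822 } san_type;

typedef struct { san_type type; const char *value; } san_entry;

typedef struct {
    const char *cn;          /* subject CN, NULL if the subject has none */
    bool has_san_ext;        /* stands in for ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME */
    const san_entry *sans;
    size_t n_sans;
} cert_model;

/* ASCII case-insensitive string equality. */
static bool ci_equal(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++) {
        if (tolower((unsigned char) *a) != tolower((unsigned char) *b)) return false;
    }
    return *a == '\0' && *b == '\0';
}

/* dNSName / CN match: exact, or a single leftmost "*." wildcard label. */
static bool dns_match(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && ci_equal(pattern + 1, dot);
    }
    return ci_equal(pattern, host);
}

/* Same shape as the quoted SAN loop: DNS, IP and URI entries are consulted,
 * every other SAN type (rfc822Name here) is skipped. IP and URI comparison
 * is simplified to an exact string compare for this model. */
static bool san_match(const cert_model *c, const char *host)
{
    for (size_t i = 0; i < c->n_sans; i++) {
        const san_entry *e = &c->sans[i];
        switch (e->type) {
            case SAN_DNS: if (dns_match(e->value, host)) return true; break;
            case SAN_IP:
            case SAN_URI: if (strcmp(e->value, host) == 0) return true; break;
            default: break;
        }
    }
    return false;
}

/* True if the SAN extension carries at least one DNS, IP or URI entry. */
static bool san_has_host_identifier(const cert_model *c)
{
    for (size_t i = 0; i < c->n_sans; i++) {
        san_type t = c->sans[i].type;
        if (t == SAN_DNS || t == SAN_IP || t == SAN_URI) return true;
    }
    return false;
}

/* Rule quoted from Mbed TLS 3.6.3: with the SAN extension present, the SANs
 * are the only identifiers examined and the CN is never consulted. */
bool verify_current(const cert_model *c, const char *host)
{
    if (c->has_san_ext) return san_match(c, host);
    return c->cn != NULL && dns_match(c->cn, host);
}

/* RFC 6125 s6.4.4 style fallback: the CN is consulted only when the
 * presented SANs contain no DNS, IP or URI identifier at all. */
bool verify_cn_fallback(const cert_model *c, const char *host)
{
    if (c->has_san_ext && san_has_host_identifier(c)) return san_match(c, host);
    return c->cn != NULL && dns_match(c->cn, host);
}

/* Constructed fixtures; CERT_ISSUE is the shape described in this report. */
static const san_entry RFC822_ONLY[]  = { { SAN_RFC822, "admin@example.test" } };
static const san_entry DNS_WILDCARD[] = { { SAN_DNS, "*.example.test" } };
static const san_entry DNS_OTHER[]    = { { SAN_DNS, "other.example.test" },
                                          { SAN_RFC822, "admin@example.test" } };
const cert_model CERT_ISSUE  = { "mail.example.test", true,  RFC822_ONLY,  1 };
const cert_model CERT_WILD   = { "mail.example.test", true,  DNS_WILDCARD, 1 };
const cert_model CERT_OTHER  = { "mail.example.test", true,  DNS_OTHER,    2 };
const cert_model CERT_NO_SAN = { "mail.example.test", false, NULL,         0 };

int main(void)
{
    printf("issue cert, current rule:    %d\n", verify_current(&CERT_ISSUE, "mail.example.test"));
    printf("issue cert, CN fallback:     %d\n", verify_cn_fallback(&CERT_ISSUE, "mail.example.test"));
    return 0;
}
```

Running it shows the split the report describes: the rfc822Name-only certificate fails under the current rule and passes under the fallback, while a certificate that does carry a non-matching dNSName is rejected under both, so adding the fallback does not let a CN override a presented DNS-ID.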

Labels

bug, component-x509, help-wanted (This issue is not being actively worked on, but PRs welcome.)
