Failure to follow chain of trust in certificate validation

Revision as of 17:44, 13 April 2006 by Jeff Williams



Failure to follow the chain of trust when validating a certificate results in the trust of a given resource which has no connection to trusted root-certificate entities.


  • Authentication: Exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source.
  • Accountability: Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity.

Exposure period

  • Design: Proper certificate checking should be included in the system design.
  • Implementation: If use of SSL (or similar) is simply mandated by design and requirements, it is the implementor's job to properly use the API and all its protections.


  • Languages: All
  • Platforms: All

Required resources

Minor trust: Users must attempt to interact with the malicious system.



Likelihood of exploit


Avoidance and mitigation

  • Design: Ensure that proper certificate checking is included in the system design.
  • Implementation: Understand and properly implement all checks necessary to ensure certificate trust integrity.


If a system fails to follow the chain of trust of a certificate to a root server, the certificate loses all usefulness as a metric of trust. Essentially, the trust gained from a certificate is derived from a chain of trust - with a reputable trusted entity at the end of that list. The end user must trust that reputable source, and this reputable source must vouch for the resource in question through the medium of the certificate.

In some cases, this trust traverses several entities who vouch for one another. The entity trusted by the end user is at one end of this trust chain, while the certificate wielding resource is at the other end of the chain.

If the user receives a certificate at the end of one of these trust chains and then checks only the first link in the chain, no real trust has been derived, since the chain must be traversed to a trusted source to verify the certificate.


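if (!(cert = SSL_get_peer_certificate(ssl)) || !host)
    return;  /* assumed handling: no peer certificate or no host name to check */
foo = SSL_get_verify_result(ssl);  /* long: outcome of OpenSSL's chain verification */
/* Flaw: a chain ending in an untrusted self-signed certificate is treated like X509_V_OK */
if ((X509_V_OK == foo) || (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN == foo)) {
    // do stuff
}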
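
The following is an added example, not part of the original page. It uses the openssl command line to build two constructed three-level hierarchies and shows that only the chain ending at the configured trust anchor verifies; the other ends at a self-signed root outside the trust store and stops with error 19, which is the X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN result the snippet above accepts. All certificate names, the helper functions `issue` and `chain_status`, and the file paths are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: every name, subject and path here is constructed for the demo.
set -eu
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT
# Minimal config so nothing depends on a system openssl.cnf.
printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$D/c.cnf"

# issue NAME ISSUER KIND: KIND is ca or leaf; ISSUER equal to NAME gives a self-signed root.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$D/c.cnf" -subj "/CN=$1" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  if [ "$1" = "$2" ]; then sign="-signkey $D/$1.key"
  else sign="-CA $D/$2.pem -CAkey $D/$2.key"; fi
  ext=""
  if [ "$3" = ca ]; then ext="-extfile $D/c.cnf -extensions ca"; fi
  openssl x509 -req -sha256 -days 1 -set_serial 1 -in "$D/$1.csr" $sign $ext \
    -out "$D/$1.pem" 2>/dev/null
}

# chain_status ANCHOR BUNDLE LEAF: print OK, or the X509_V_ERR_* number that
# stopped the walk from LEAF through BUNDLE (untrusted helpers) to ANCHOR.
chain_status() {
  out=$(openssl verify -CAfile "$D/$1.pem" -untrusted "$D/$2" "$D/$3.pem" 2>&1) || true
  case $out in
    *": OK"*) echo OK ;;
    *) printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at.*/\1/p' | head -n 1 ;;
  esac
}

# Hierarchy the client trusts: trusted-root -> trusted-int -> www-leaf
issue trusted-root trusted-root ca
issue trusted-int trusted-root ca
issue www-leaf trusted-int leaf
# Look-alike hierarchy whose self-signed root is NOT in the trust store
issue other-root other-root ca
issue other-int other-root ca
issue other-leaf other-int leaf
cat "$D/trusted-int.pem" > "$D/trusted-chain.pem"
cat "$D/other-int.pem" "$D/other-root.pem" > "$D/other-chain.pem"

echo "anchored chain:   $(chain_status trusted-root trusted-chain.pem www-leaf)"   # OK
echo "unanchored chain: $(chain_status trusted-root other-chain.pem other-leaf)"   # 19
```

In application code the equivalent check is to proceed only when SSL_get_verify_result returns X509_V_OK.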

Related problems

  • Key exchange without entity authentication
  • Failure to validate host-specific certificate data
  • Failure to validate certificate expiration
  • Failure to check for certificate revocation