From b712065a2eccea28bcf83de75405a97661018ced Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 19 Jan 2026 14:42:11 +0000 Subject: [PATCH 1/4] Clarify CRL security guarantees Signed-off-by: Janos Follath --- SECURITY.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 4e7bb14316..7e7e244235 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -110,19 +110,20 @@ considered a vulnerability. #### Formatting of X.509 certificates and certificate signing requests -When parsing X.509 certificates and certificate signing requests (CSRs), -Mbed TLS does not check that they are strictly compliant with X.509 and other -relevant standards. In the case of signed certificates, the signing party is -assumed to have performed this validation (and the certificate is trusted to -be correctly formatted as long as the signature is correct). -Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. +When parsing X.509 certificates, certificate signing requests (CSRs) or +certificate revocation lists (CRLs) Mbed TLS does not check that they are +strictly compliant with X.509 and other relevant standards. In the case of +signed certificates and signed CRLs, the signing party is assumed to have +performed this validation (and the certificate or CRL is trusted to be correctly +formatted as long as the signature is correct). Similarly, CSRs are implicitly +trusted by Mbed TLS to be standards-compliant. -**Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra -validation is performed separately to ensure that they are compliant to the -relevant specifications. This makes Mbed TLS on its own unsuitable for use in -a Certificate Authority (CA). +**Warning!** Mbed TLS must not be used to sign untrusted CSRs or CRLs unless +extra validation is performed separately to ensure that they are compliant to +the relevant specifications. This makes Mbed TLS on its own unsuitable for use +in a Certificate Authority (CA). However, Mbed TLS aims to protect against memory corruption and other -undefined behavior when parsing certificates and CSRs. If a CSR or signed +undefined behavior when parsing certificates, CSRs and CRLs. If a CSR or signed certificate causes undefined behavior when it is parsed by Mbed TLS, that is considered a security vulnerability. 
From 7a9eceb53cfe635fc7ec65d4ed49fb0a40d98c2d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 19 Jan 2026 14:46:44 +0000 Subject: [PATCH 2/4] Clarify purpose and suitability of sample programs Signed-off-by: Janos Follath --- programs/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/README.md b/programs/README.md index b9260bffe9..8c4e960775 100644 --- a/programs/README.md +++ b/programs/README.md @@ -3,6 +3,8 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. +**Warning!** These programs are not intended for and are not suitable to be used in production. The code needs to be adapted to build a real-world applications. + ### SSL/TLS sample applications * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. From a852e727461b5da388bb5b1436c35726fb0528df Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Jan 2026 10:38:16 +0000 Subject: [PATCH 3/4] SECURITY.md: make x509 data section more readable Signed-off-by: Janos Follath --- SECURITY.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7e7e244235..98cb59bd1c 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -108,15 +108,18 @@ protection against a class of attacks outside of the above described threat model. Neither does it mean that the failure of such a countermeasure is considered a vulnerability. -#### Formatting of X.509 certificates and certificate signing requests +#### Formatting of X509 data -When parsing X.509 certificates, certificate signing requests (CSRs) or -certificate revocation lists (CRLs) Mbed TLS does not check that they are -strictly compliant with X.509 and other relevant standards. In the case of -signed certificates and signed CRLs, the signing party is assumed to have -performed this validation (and the certificate or CRL is trusted to be correctly -formatted as long as the signature is correct). Similarly, CSRs are implicitly -trusted by Mbed TLS to be standards-compliant. +This section discusses limitations in how X.509 objects are processed. This +applies to certificates, certificate signing requests (CSRs) and certificate +revocation lists (CRLs). + +Mbed TLS does not check that they are strictly compliant with X.509 and other +relevant standards. In the case of signed certificates and signed CRLs, the +signing party is assumed to have performed this validation (and the certificate +or CRL is trusted to be correctly formatted as long as the signature is +correct). Similarly, CSRs are implicitly trusted by Mbed TLS to be +standards-compliant. **Warning!** Mbed TLS must not be used to sign untrusted CSRs or CRLs unless extra validation is performed separately to ensure that they are compliant to From 2b9f62a1be2b556e858fa16d0ece648639569e72 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Jan 2026 10:39:40 +0000 Subject: [PATCH 4/4] programs/README.md clarify security remark Signed-off-by: Janos Follath --- programs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/README.md b/programs/README.md index 8c4e960775..47a8c9516c 100644 --- a/programs/README.md +++ b/programs/README.md 
@@ -3,7 +3,7 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. -**Warning!** These programs are not intended for and are not suitable to be used in production. The code needs to be adapted to build a real-world applications. +We try to ensure that the sample programs are good examples of how to use Mbed TLS but we make no hard guarantees about their security. They should not be used in production unless they have been separately tested and thoroughly audited for security. Note that this means vulnerabilities in the sample programs are out of the scope of our usual security process and will be fixed in public. ### SSL/TLS sample applications
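Review bot: in PATCH 1/4 (SECURITY.md, hunk `@@ -110,19 +110,20 @@`) the closing sentence of the section was not updated to match the sentence before it. The new text says Mbed TLS "aims to protect against memory corruption and other undefined behavior when parsing certificates, CSRs and CRLs", but the unchanged context line that follows still reads "If a CSR or signed certificate causes undefined behavior when it is parsed by Mbed TLS, that is considered a security vulnerability." A reader could conclude that undefined behaviour triggered by a malformed CRL is out of scope, which is the opposite of what this patch is trying to say. Suggest "If a CSR, signed certificate or signed CRL causes undefined behavior ...". Two smaller points in the same hunk: "compliant to the relevant specifications" should be "compliant with", and the first added line needs a comma after "(CRLs)" before "Mbed TLS does not check". Finally, "must not be used to sign untrusted CSRs or CRLs" is worth a few more words: a CSR is submitted by a third party, whereas a CRL is normally built by the issuer itself, so it would help to say what an "untrusted CRL" is in this context (for example, CRL content supplied by another component that the signing code has not validated).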
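Review bot: in PATCH 2/4 (programs/README.md, hunk `@@ -3,6 +3,8 @@`) the added line has a number agreement error: "adapted to build a real-world applications" should be "a real-world application" (or "real-world applications"). PATCH 4/4 replaces this whole line, so the wording only survives in the intermediate commit; either fix it here or squash 2/4 and 4/4 so the history does not carry a line that is immediately rewritten.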
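Review bot: in PATCH 3/4 (SECURITY.md, hunk `@@ -108,15 +108,18 @@`) the new heading "Formatting of X509 data" spells the standard differently from the body text directly under it ("X.509 objects", "compliant with X.509"); suggest "Formatting of X.509 data" for consistency. In the new second paragraph, "Mbed TLS does not check that they are strictly compliant" now starts a paragraph whose pronoun has no antecedent of its own, since the list of object types sits in the paragraph before; "Mbed TLS does not check that these objects are strictly compliant" reads unambiguously. The unchanged context line "compliant to the relevant specifications" still carries the preposition error noted on PATCH 1/4 and could be corrected in this hunk since it is already being touched.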
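Review bot: in PATCH 4/4 (programs/README.md, hunk `@@ -3,7 +3,7 @@`) the replacement drops the bold "**Warning!**" marker that PATCH 2/4 introduced and that SECURITY.md uses for the same kind of caveat, so the "should not be used in production" statement is now easy to skim past in a list of sample programs; keeping the marker in front of the paragraph would preserve the visual cue. The final sentence, "vulnerabilities in the sample programs are out of the scope of our usual security process and will be fixed in public", benefits from spelling out what that means in practice, for instance that such issues are handled as ordinary public issues and pull requests rather than through the private reporting and advisory process described in SECURITY.md, with a link to that file so readers find the process it refers to. A comma before "but we make no hard guarantees" would also split the first sentence into its two clauses.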