Gnu TLS needs to be more tolerant of mistakes in certificate chain order.

Stephen Baynes stephen.baynes at smoothwall.net
Fri Sep 14 12:00:59 CEST 2012


Gnu TLS needs to be more tolerant of mistakes in certificate chain order.

For example:

$ gnutls-cli www.thawte.com
Resolving 'www.thawte.com'...
Connecting to '69.58.181.130:443'...
- Ephemeral Diffie-Hellman parameters
 - Using prime: 1024 bits
 - Secret key: 1020 bits
 - Peer's public key: 1024 bits
- Certificate type: X.509
 - Got a certificate list of 3 certificates.
 - Certificate[0] info:
  - subject
`jurisdictionOfIncorporationCountryName=US,jurisdictionOfIncorporationStateOrProvinceName=Delaware,businessCategory=Private
Organization,O=Thawte\,
Inc.,serialNumber=3898261,C=US,ST=California,L=Mountain View
,OU=Infrastructure Operations,CN=WWW.THAWTE.COM', issuer `C=US,O=thawte\,
Inc.,OU=Terms of use at https://www.thawte.com/cps (c)06,CN=thawte Extended
Validation SSL CA', RSA key 2048 bits, signed using RSA-SHA1, activated
`2011-11-03 00:00:00 UTC', expires `2013-10-30 23:59:59 UTC', SHA-1
fingerprint `571294b7a761e6142b9116d09adab6e5728d7af7'
 - Certificate[1] info:
  - subject `C=US,O=thawte\, Inc.,OU=Certification Services Division,OU=(c)
2006 thawte\, Inc. - For authorized use only,CN=thawte Primary Root CA',
issuer `C=ZA,ST=Western Cape,L=Cape Town,O=Thawte Consulting
cc,OU=Certification Services Division,CN=Thawte Premium Server CA,EMAIL=
premium-server at thawte.com', RSA key 2048 bits, signed using RSA-SHA1,
activated `2006-11-17 00:00:00 UTC', expires `2020-12-30 23:59:59 UTC',
SHA-1 fingerprint `5335e96a28512832eccfa6ed7d24362317d994db'
 - Certificate[2] info:
  - subject `C=US,O=thawte\, Inc.,OU=Terms of use at
https://www.thawte.com/cps (c)06,CN=thawte Extended Validation SSL CA',
issuer `C=US,O=thawte\, Inc.,OU=Certification Services Division,OU=(c) 2006
thawte\, Inc. - For authorized use only,CN=thawte Primary Root CA', RSA key
2048 bits, signed using RSA-SHA1, activated `2006-11-17 00:00:00 UTC',
expires `2016-11-16 23:59:59 UTC', SHA-1 fingerprint
`3dd6c26a33b179e76eed2cd360aa75a5c1b76a56'
- The hostname in the certificate matches 'www.thawte.com'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted

I agree that, to be strictly correct, [1] and [2] need to be swapped round.
Yet https://www.thawte.com works in all the main browsers and with wget and
curl.
So GnuTLS is the one that does not follow de facto standards (even if it is
the one that follows the formal standards).
Also, if a certificate-savvy company like Thawte can't get it right, who can
be expected to?
[I will approach Thawte and see if they will correct theirs. But it seems
that it has been wrong for at least a couple of months, so it is unlikely
that many are finding it a problem.]

I took a moderately random sample of 268 https websites starting with 'a'.
Of these, 30 failed for not trusted certificates with GnuTLS.
Of these, 7 failed for mistakes in the certificate chain but were seen as
acceptable by browsers (so de facto OK). They were:
https://accounts.ebuyer.com (order wrong)
https://affiliate.com/ (order wrong)
https://ankiweb.net/ (order wrong)
https://appdog.com/ (multiple roots)
https://appstorm.net/ (multiple roots)
https://asdafinance.com/ (duplicate first entries)
https://adminarea.easyfundraising.org.uk (duplicate first entry)

That is over 2% of the original sample, small but hardly insignificant.

The one good thing is that in all cases the first entry in the chain was
the correct one, which makes it much easier to know where to start.

Using gnutls-cli (GnuTLS) 2.12.14 Packaged by Debian (2.12.14-5ubuntu3.1).
Also used in testing an application built with GnuTLS 3.0.18.
I have read the release news for later versions of GnuTLS and cannot see
any related changes.



-- 
 Stephen Baynes CEng MBCS CITP
 Senior Software Developer
 stephen.baynes at smoothwall.net

 Smoothwall Ltd
 Phone: +44 (0) 1489 86082
 www.smoothwall.net
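
Added example (not part of the original post, and not GnuTLS code): one way a client could tolerate the list problems reported above (wrong order, duplicate entries, extra roots) is to rebuild the path from the first certificate by matching each issuer to a subject. The struct and sort_chain() are hypothetical, DNs are compared as plain strings, and the rebuilt path still has to go through normal signature and trust verification.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a certificate: only the DNs needed for ordering. */
struct cert { const char *subject; const char *issuer; };

/*
 * Build an ordered path from the unordered list a server sent.
 * in[0] is taken as the end-entity certificate (true for every site in the
 * post's sample). Writes indices into order[] and returns the path length.
 * Duplicates and certificates that are not on the path are dropped.
 */
size_t sort_chain(const struct cert *in, size_t n, size_t *order)
{
    size_t len = 0, cur = 0;
    if (n == 0) return 0;
    order[len++] = 0;
    while (len < n) {
        size_t i, next = n;
        if (strcmp(in[cur].subject, in[cur].issuer) == 0)
            break;                      /* self-signed: top of the path */
        for (i = 1; i < n && next == n; i++) {
            size_t j, used = 0;
            if (strcmp(in[i].subject, in[cur].issuer) != 0) continue;
            for (j = 0; j < len; j++)   /* never revisit: avoids loops */
                if (order[j] == i) used = 1;
            if (!used) next = i;
        }
        if (next == n) break;           /* issuer not sent: trust store takes over */
        order[len++] = next;
        cur = next;
    }
    return len;
}

int main(void)
{
    /* Constructed sample: the www.thawte.com list from the post, DNs cut to CN. */
    const struct cert thawte[] = {
        { "CN=WWW.THAWTE.COM", "CN=thawte Extended Validation SSL CA" },
        { "CN=thawte Primary Root CA", "CN=Thawte Premium Server CA" },
        { "CN=thawte Extended Validation SSL CA", "CN=thawte Primary Root CA" },
    };
    size_t order[3], i, len = sort_chain(thawte, 3, order);
    for (i = 0; i < len; i++)
        printf("%zu: %s\n", order[i], thawte[order[i]].subject);
    return 0;
}
```

For the Thawte list this yields the order 0, 2, 1, which is the swap of [1] and [2] described in the post.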


More information about the Gnutls-devel mailing list