[gnutls-devel] GnuTLS | SHA-1 root CA is rejected when %PROFILE_MEDIUM is set (#1202)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Apr 13 12:21:44 CEST 2021

Jacek created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1202

## Description of problem:

When a trusted root CA is self-signed using SHA-1 (some roots that are still valid and issue certs are), certificate verification will always fail when `%PROFILE_MEDIUM` is specified.

Certificates included in the trust store should be trusted implicitly. SHA-1 vulnerabilities have no effect on the security of such certs.

Either trusted CAs should be excluded from MEDIUM profile checks, or a flag that could be chained with `%PROFILE_MEDIUM`, similar to `%VERIFY_ALLOW_SIGN_WITH_SHA1` but for root/trusted CAs only, should be introduced.

Also see:

## Version of gnutls used:

RHEL 8/CentOS 8 - 3.6.14

Debian bullseye - 3.7.1

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

RHEL 8 / CentOS 8 / Debian bullseye (testing)

## How reproducible:


## Steps to Reproduce:

 * `docker run -i -t --rm debian:bullseye` (a fresh container is started from the image; `docker exec` cannot take an image name or `--rm`)
 * `apt update`
 * `apt install ca-certificates gnutls-bin`
 * `gnutls-cli --priority='PFS:%PROFILE_MEDIUM' --starttls-proto smtp --port 25 smtp.yandex.ru -d 2`

## Actual results:

(Notice that all certificates sent by the server are `signed using RSA-SHA256`.)

```
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=smtp.yandex.ru,O=Yandex LLC,OU=ITO,L=Moscow,C=RU', issuer `CN=Yandex CA,OU=Yandex Certification Authority,O=Yandex LLC,C=RU', serial 0x1091dc2c81285a6ac43099d9807911f2, RSA key 2048 bits, signed using RSA-SHA256, activated `2021-03-10 13:11:13 UTC', expires `2021-09-08 13:11:13 UTC', pin-sha256="A11cXe/nKnLc57yB8f0qD6x5CXarK4dzIStUDKIA9K8="
        Public Key ID:
        Public Key PIN:

- Certificate[1] info:
 - subject `CN=Yandex CA,OU=Yandex Certification Authority,O=Yandex LLC,C=RU', issuer `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', serial 0x00e40547830e0c6452976f7a3549c0dd48, RSA key 2048 bits, signed using RSA-SHA256, activated `2015-01-21 12:00:00 UTC', expires `2025-01-18 12:00:00 UTC', pin-sha256="LNFe+yc4/NZbJVynpxAeAd+brU3EPwGbtwF6VeUjI/Y="
- Certificate[2] info:
 - subject `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', issuer `CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL', serial 0x00939285400165715f947f288fefc99b28, RSA key 2048 bits, signed using RSA-SHA256, activated `2008-10-22 12:07:37 UTC', expires `2027-06-10 10:46:39 UTC', pin-sha256="qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU="
|<2>| issuer in verification was not found or insecure; trying against trust list
|<2>| GNUTLS_SEC_PARAM_MEDIUM: certificate's signature hash strength is unacceptable (is 80 bits, needed 112)
- Status: The certificate is NOT trusted. The certificate chain uses insecure algorithm.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
```

## Expected results:

```
- Status: The certificate is trusted.
- Description: (...)
- Session ID: (...)
- Options:
- Handshake was completed

- Simple Client Mode:
```
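As an added triage helper (not part of this report or of GnuTLS), the following Python parses `gnutls-cli -d 2` output like the one under "Actual results" and decides whether the signature the profile rejected sits on a certificate the server sent or, as here, can only be the trust-store root's own self-signature. The sample input is the report's output trimmed to the fields the parser needs; the hash strength table mirrors the bit counts GnuTLS prints (SHA-1 is 80).

```python
import re

# Security strength GnuTLS assigns to a signature hash, in bits.
HASH_BITS = {"MD5": 64, "SHA1": 80, "SHA224": 112, "SHA256": 128,
             "SHA384": 192, "SHA512": 256}

CERT_RE = re.compile(r"subject `(?P<subject>[^']*)', issuer `(?P<issuer>[^']*)'.*?"
                     r"signed using (?P<sig>[A-Za-z0-9-]+)")
FAIL_RE = re.compile(r"GNUTLS_SEC_PARAM_(?P<profile>\w+): certificate's signature hash "
                     r"strength is unacceptable \(is (?P<have>\d+) bits, needed (?P<need>\d+)\)")

# Constructed sample: the report's gnutls-cli output, trimmed to the relevant fields.
SAMPLE = """\
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=smtp.yandex.ru,O=Yandex LLC,OU=ITO,L=Moscow,C=RU', issuer `CN=Yandex CA,OU=Yandex Certification Authority,O=Yandex LLC,C=RU', RSA key 2048 bits, signed using RSA-SHA256, activated `2021-03-10 13:11:13 UTC'
- Certificate[1] info:
 - subject `CN=Yandex CA,OU=Yandex Certification Authority,O=Yandex LLC,C=RU', issuer `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', RSA key 2048 bits, signed using RSA-SHA256, activated `2015-01-21 12:00:00 UTC'
- Certificate[2] info:
 - subject `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', issuer `CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL', RSA key 2048 bits, signed using RSA-SHA256, activated `2008-10-22 12:07:37 UTC'
|<2>| issuer in verification was not found or insecure; trying against trust list
|<2>| GNUTLS_SEC_PARAM_MEDIUM: certificate's signature hash strength is unacceptable (is 80 bits, needed 112)
- Status: The certificate is NOT trusted. The certificate chain uses insecure algorithm.
"""

def sig_hash_bits(sig):
    """'RSA-SHA256' -> 128; hash not in the table (e.g. EdDSA-Ed25519) -> None."""
    return HASH_BITS.get(sig.rsplit("-", 1)[-1].upper())

def diagnose(output):
    """Attribute a GNUTLS_SEC_PARAM_* hash-strength rejection to a chain position."""
    certs = [m.groupdict() for m in CERT_RE.finditer(output)]
    result = {"chain": [(c["subject"], c["sig"]) for c in certs],
              "weak_sent_certs": [], "failure": None}
    fail = FAIL_RE.search(output)
    if not fail:
        return result
    need = int(fail["need"])
    for c in certs:
        bits = sig_hash_bits(c["sig"])
        if bits is not None and bits < need:
            result["weak_sent_certs"].append(c["subject"])
    if result["weak_sent_certs"]:
        result["failure"] = "weak signature on server-sent certificate"
    elif certs and certs[-1]["subject"] != certs[-1]["issuer"]:
        # Every sent signature meets the profile and the last sent cert is not
        # self-signed, so its issuer was resolved from the trust store: the only
        # signature left to reject is the trust anchor's own self-signature.
        result["failure"] = "weak self-signature on trust-store root"
    else:
        result["failure"] = "weak signature not attributable from output"
    return result
```

Running `diagnose` on a capture from a chain whose intermediate really is SHA-1 signed lists that intermediate under `weak_sent_certs` instead, which is the case the MEDIUM profile is meant to catch.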
