[gnutls-devel] GnuTLS | verification error on duplicate server cert in chain (#1335)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Jun 23 17:58:52 CEST 2022




Martin 'JaMa' Jansa commented:


archive.mesa3d.org can be used as another test case:

```
$ gnutls-cli archive.mesa3d.org
Processed 136 CA certificate(s).
Resolving 'archive.mesa3d.org:443'...
Connecting to '131.252.210.176:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x034b691f41ef93f5d205f6678f5e065a9975, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-05-05 00:25:27 UTC', expires `2022-08-03 00:25:26 UTC', pin-sha256="qg5rLg63UE4MvpjUZp40sqzqc4YJH3Fc3yv9EKQKkD0="
        Public Key ID:
                sha1:8bbb9c1cef01c1ec2ae8c50bb720045e7a9427a2
                sha256:aa0e6b2e0eb7504e0cbe98d4669e34b2acea7386091f715cdf2bfd10a40a903d
        Public Key PIN:
                pin-sha256:qg5rLg63UE4MvpjUZp40sqzqc4YJH3Fc3yv9EKQKkD0=

- Certificate[1] info:
 - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x034b691f41ef93f5d205f6678f5e065a9975, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-05-05 00:25:27 UTC', expires `2022-08-03 00:25:26 UTC', pin-sha256="qg5rLg63UE4MvpjUZp40sqzqc4YJH3Fc3yv9EKQKkD0="
- Certificate[2] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[3] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1335#note_1003106235
You're receiving this email because of your account on gitlab.com.
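
An added example, not part of the original message and not GnuTLS code: it parses `gnutls-cli` certificate-list output, flags entries that repeat an earlier issuer and serial, and shows that a plain in-order issuer-to-subject walk breaks at the duplicate but links up once it is dropped. The in-order walk is a simplification assumed for illustration, not GnuTLS's verification algorithm, and the sample output, names and serials are constructed.

```python
import re

# Constructed sample in the layout gnutls-cli prints; names and serials are made up.
SAMPLE = """\
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=www.example.test', issuer `CN=Example CA,O=Let's Test,C=US', serial 0x01aa, RSA key 2048 bits
- Certificate[1] info:
 - subject `CN=www.example.test', issuer `CN=Example CA,O=Let's Test,C=US', serial 0x01aa, RSA key 2048 bits
- Certificate[2] info:
 - subject `CN=Example CA,O=Let's Test,C=US', issuer `CN=Example Root,O=Let's Test', serial 0x02bb, RSA key 2048 bits
"""

# Lazy groups stop at the literal "', issuer `" / "', serial ", so an
# apostrophe inside a DN (Let's ...) does not end the field early.
CERT_RE = re.compile(
    r"- Certificate\[(?P<index>\d+)\] info:\s*"
    r"- subject `(?P<subject>.*?)', issuer `(?P<issuer>.*?)', "
    r"serial (?P<serial>0x[0-9a-fA-F]+)"
)

def parse_chain(output):
    """Return one dict per certificate, in the order the server sent them."""
    return [{"index": int(m["index"]), "subject": m["subject"],
             "issuer": m["issuer"], "serial": m["serial"].lower()}
            for m in CERT_RE.finditer(output)]

def find_duplicates(chain):
    """Return (duplicate_index, first_index) pairs, keyed on issuer + serial."""
    seen, dups = {}, []
    for cert in chain:
        key = (cert["issuer"], cert["serial"])
        if key in seen:
            dups.append((cert["index"], seen[key]))
        else:
            seen[key] = cert["index"]
    return dups

def dedupe(chain):
    """Drop every repeated entry, keeping the first occurrence."""
    dropped = {dup for dup, _ in find_duplicates(chain)}
    return [c for c in chain if c["index"] not in dropped]

def is_linked(chain):
    """True if each certificate's issuer is the next certificate's subject."""
    return all(a["issuer"] == b["subject"] for a, b in zip(chain, chain[1:]))

if __name__ == "__main__":
    chain = parse_chain(SAMPLE)
    print(find_duplicates(chain), is_linked(chain), is_linked(dedupe(chain)))
```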