[gnutls-devel] GnuTLS | verification error on duplicate server cert in chain (#1335)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Mar 12 13:44:59 CET 2022



Andreas Metzler created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1335



Hello,

gnutls fails to verify ci.debian.net
~~~
*prompt*> gnutls-cli   ci.debian.net
*** Fatal error: Error in the certificate.
Processed 127 CA certificate(s).
Resolving 'ci.debian.net:443'...
Connecting to '52.34.117.196:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `CN=ci.debian.net', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04568ce008fea2f0063e06ef52b45111a3ec, EC/ECDSA key 384 bits, signed using RSA-SHA256, activated `2022-01-16 23:00:15 UTC', expires `2022-04-16 23:00:14 UTC', pin-sha256="rWC/lu8/ilDYQnnkWr9JUP3ThSrp5Pi08hFXWv3h7/o="
	Public Key ID:
		sha1:344bd3eb5105d3b830dd87f6f5e4435e8aacdf6d
		sha256:ad60bf96ef3f8a50d84279e45abf4950fdd3852ae9e4f8b4f211575afde1effa
	Public Key PIN:
		pin-sha256:rWC/lu8/ilDYQnnkWr9JUP3ThSrp5Pi08hFXWv3h7/o=

- Certificate[1] info:
 - subject `CN=ci.debian.net', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04568ce008fea2f0063e06ef52b45111a3ec, EC/ECDSA key 384 bits, signed using RSA-SHA256, activated `2022-01-16 23:00:15 UTC', expires `2022-04-16 23:00:14 UTC', pin-sha256="rWC/lu8/ilDYQnnkWr9JUP3ThSrp5Pi08hFXWv3h7/o="
- Certificate[2] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[3] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** PKI verification of server certificate failed...
~~~

Looking at the output, there seems to be a minor configuration issue: the server certificate is sent twice. I have grabbed the certs with `gnutls-cli --save-cert` (which yields a file with a different order than the one reported by gnutls-cli: ci.debian.net, R3, ci.debian.net, ISRG Root X1) and got an error with certtool, too:
~~~
ametzler at argenau:~$ certtool --infile=/tmp/ci.pem --verify
Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.
Loaded system trust (127 CAs available)
        Subject: CN=ci.debian.net
        Issuer: CN=R3,O=Let's Encrypt,C=US
        Signature algorithm: RSA-SHA256
        Output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown.

        Subject: CN=ci.debian.net
        Issuer: CN=R3,O=Let's Encrypt,C=US
        Signature algorithm: RSA-SHA256
        Output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown.

Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown.
~~~
Removing the second instance of ci.debian.net cert from the file lets certtool succeed:
~~~
ametzler at argenau:~$ certtool --infile=/tmp/ci-noduplicate.pem --verify
Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.
Loaded system trust (127 CAs available)
        Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
        Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
        Signature algorithm: RSA-SHA256
        Output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown.

        Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
        Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
        Checked against: CN=ISRG Root X1,O=Internet Security Research Group,C=US
        Signature algorithm: RSA-SHA256
        Output: Verified. The certificate is trusted.

        Subject: CN=R3,O=Let's Encrypt,C=US
        Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
        Checked against: CN=ISRG Root X1,O=Internet Security Research Group,C=US
        Signature algorithm: RSA-SHA256
        Output: Verified. The certificate is trusted.

        Subject: CN=ci.debian.net
        Issuer: CN=R3,O=Let's Encrypt,C=US
        Checked against: CN=R3,O=Let's Encrypt,C=US
        Signature algorithm: RSA-SHA256
        Output: Verified. The certificate is trusted.

Chain verification output: Verified. The certificate is trusted.
~~~
ISRG_Root_X1.pem is in the truststore, so the minimal fails/works test cases are
~~~
certtool --infile=/tmp/ci.pem --verify --load-ca-certificate=/etc/ssl/certs/ISRG_Root_X1.pem
certtool --infile=/tmp/ci-noduplicate.pem --verify --load-ca-certificate=/etc/ssl/certs/ISRG_Root_X1.pem
~~~
[ci.pem](/uploads/c901d1e2a9eb4c13b5ab4acf1fe5e69d/ci.pem)

[ci-noduplicate.pem](/uploads/c1652b030c7357ed2d741ba5600d85ae/ci-noduplicate.pem)

[ISRG_Root_X1.pem](/uploads/1cd5f6fe2c92ad58398de3f14fd4241f/ISRG_Root_X1.pem)

This looks very similar to #1131.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1335
You're receiving this email because of your account on gitlab.com.
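The reporter's workaround above was to hand-edit the repeated ci.debian.net certificate out of the saved bundle before running `certtool --verify`. The script below automates that step and doubles as a check for the misconfiguration itself. It is an added example, not GnuTLS or certtool code: it identifies each certificate by the SHA-256 of its DER bytes, so the same certificate is recognised wherever it appears, whichever order `gnutls-cli --save-cert` wrote it in. The PEM blocks it ships with are constructed placeholders standing in for the real chain, since the actual certificate bytes are not in this report; point it at a real bundle via the file argument.

```python
"""Detect and strip duplicate certificates from a PEM bundle.

Added example for gnutls issue #1335 (not project code). A server that sends
its leaf certificate twice produces a bundle in which one DER blob repeats;
this script reports the repeated positions and writes a cleaned bundle that
keeps the first occurrence of each certificate in file order.
"""
import base64
import hashlib
import re
import sys

# One CERTIFICATE block; DOTALL so the base64 body may span lines.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def parse_pem_bundle(text):
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    ders = []
    for match in PEM_BLOCK.finditer(text):
        b64 = re.sub(r"\s+", "", match.group(1))
        ders.append(base64.b64decode(b64, validate=True))
    return ders


def to_pem(der):
    """Re-encode DER bytes as a PEM CERTIFICATE block (64-column base64)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def fingerprint(der):
    """SHA-256 over the DER encoding: identical bytes mean the same cert."""
    return hashlib.sha256(der).hexdigest()


def find_duplicates(ders):
    """Indices of certificates that repeat an earlier entry in the list."""
    seen = set()
    dups = []
    for index, der in enumerate(ders):
        fp = fingerprint(der)
        if fp in seen:
            dups.append(index)
        else:
            seen.add(fp)
    return dups


def dedupe_bundle(text):
    """Return (cleaned PEM text, sorted indices that were removed)."""
    ders = parse_pem_bundle(text)
    dups = set(find_duplicates(ders))
    kept = [der for index, der in enumerate(ders) if index not in dups]
    return "".join(to_pem(der) for der in kept), sorted(dups)


# Constructed sample (not real certificates): four blocks, the first and
# third identical, mirroring the order the reporter saw in the --save-cert
# file (leaf, R3, leaf, root).
SAMPLE_BUNDLE = (
    to_pem(b"constructed leaf certificate bytes")
    + to_pem(b"constructed R3 intermediate bytes")
    + to_pem(b"constructed leaf certificate bytes")
    + to_pem(b"constructed ISRG Root X1 bytes")
)


if __name__ == "__main__":
    # Usage: python dedupe_pem.py [bundle.pem] > cleaned.pem
    if len(sys.argv) > 1:
        with open(sys.argv[1], "r", encoding="ascii") as handle:
            bundle = handle.read()
    else:
        bundle = SAMPLE_BUNDLE
    cleaned, removed = dedupe_bundle(bundle)
    sys.stderr.write("duplicate certificate(s) at index: %s\n" % removed)
    sys.stdout.write(cleaned)
```

A non-empty index list from `find_duplicates` on a freshly saved chain is the signal that the server itself is sending a certificate twice, which is the server-side configuration fix; the cleaned bundle only makes local verification with certtool usable in the meantime.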

