[gnutls-devel] GnuTLS | gnutls-cli: misleading output when verifying cross-signed certificate chain (#1477)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Mar 31 15:09:53 CEST 2023

Dimitrios Apostolou created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1477

Running gnutls-cli against letsencrypt.org shows the following output:
$ gnutls-cli -p 443 letsencrypt.org
Processed 414 CA certificate(s).
Resolving 'letsencrypt.org:443'...
Connecting to ''...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=lencr.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04eac294a0e61035d8254d5a04f61a37c802, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2023-02-02 00:00:24 UTC', expires `2023-05-03 00:00:23 UTC', pin-sha256="Z01UftPixvNAGu26I3rx4bremFOKT/7UjuLFSPF42PA="
        Public Key ID:
        Public Key PIN:

- Certificate[1] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[2] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is trusted. 
The last line leads us to believe that **the last certificate on the chain is trusted**.

However this is not the case. If I use gnutls-cli with `--print-cert` and copy-paste the certificates into their own files, `certtool` reports that **certificate[2] is untrusted**, but **certificate[1] one is trusted**.

This is because certificate[2] is issued by an expired CA, and certificate[1] is cross-signed by both certificate[2] (invalid trust) and by a trusted CA.

This is not trivial to figure out. gnutls-cli should print information on what path it used to verify the chain, and not just print "certificate trusted" under the last certificate. A quick fix would be to just print "certificate[0] trusted" to avoid any confusion. But still it would be nice to have some verbose output on how gnutls came to that conclusion.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1477
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20230331/1af60768/attachment-0001.html>

More information about the Gnutls-devel mailing list