<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p class="details" style="font-style: italic; color: #666;">
<a href="https://gitlab.com/jacekkow">Jacek</a> created an issue <a href="https://gitlab.com/gnutls/gnutls/-/issues/1202">#1202</a>:
</p>
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">When trusted root CA is self-signed using SHA-1 algorithms (some roots that are still valid and issue certs do), certificate verification will always fail when <code>%PROFILE_MEDIUM</code> is specified.</p>
<p dir="auto">Certificates included in trust store should be trusted implicitly. SHA-1 vulnerabilities have no effect on security of such certs.</p>
<p dir="auto">Either trusted CAs should be excluded from MEDIUM profile checks or flag that could be chained with PROFILE_MEDIUM, similar to <code>%VERIFY_ALLOW_SIGN_WITH_SHA1</code> but for root/trusted CAs only, should be introduced.</p>
<p dir="auto">Also see:
<a href="https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1875920" rel="nofollow noreferrer noopener" target="_blank">https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1875920</a></p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto">RHEL 8/CentOS 8 - 3.6.14</p>
<p dir="auto">Debian bullseye - 3.7.1</p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">RHEL 8 / CentOS 8 / Debian bullseye (testing)</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">Always.</p>
<h2 dir="auto">
<a id="user-content-steps-to-reproduce" class="anchor" href="#steps-to-reproduce" aria-hidden="true"></a>Steps to Reproduce:</h2>
<ul dir="auto">
<li><code>docker exec -i -t --rm debian:bullseye</code></li>
<li><code>apt update</code></li>
<li><code>apt install ca-certificates gnutls-bin</code></li>
<li><code>gnutls-cli --priority='PFS:%PROFILE_MEDIUM' --starttls-proto smtp --port 25 smtp.yandex.ru -d 2</code></li>
</ul>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<p dir="auto">(Notice that all certificates sent by server are <code>signed using RSA-SHA256</code>)</p>
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">- Certificate type: X.509</span>
<span id="LC2" class="line" lang="plaintext">- Got a certificate list of 3 certificates.</span>
<span id="LC3" class="line" lang="plaintext">- Certificate[0] info:</span>
<span id="LC4" class="line" lang="plaintext"> - subject `CN=smtp.yandex.ru,O=Yandex LLC,OU=ITO,L=Moscow,C=RU', issuer `CN=Yandex CA,OU=Yandex Certification Authority,O=Yandex LLC,C=RU', serial 0x1091dc2c81285a6ac43099d9807911f2, RSA key 2048 bits, signed using RSA-SHA256, activated `2021-03-10 13:11:13 UTC', expires `2021-09-08 13:11:13 UTC', pin-sha256="A11cXe/nKnLc57yB8f0qD6x5CXarK4dzIStUDKIA9K8="</span>
<span id="LC5" class="line" lang="plaintext"> Public Key ID:</span>
<span id="LC6" class="line" lang="plaintext"> sha1:cf865545c989534f54118f6b8498495d424f79fb</span>
<span id="LC7" class="line" lang="plaintext"> sha256:035d5c5defe72a72dce7bc81f1fd2a0fac790976ab2b8773212b540ca200f4af</span>
<span id="LC8" class="line" lang="plaintext"> Public Key PIN:</span>
<span id="LC9" class="line" lang="plaintext"> pin-sha256:A11cXe/nKnLc57yB8f0qD6x5CXarK4dzIStUDKIA9K8=</span>
<span id="LC10" class="line" lang="plaintext"></span>
<span id="LC11" class="line" lang="plaintext">- Certificate[1] info:</span>
<span id="LC12" class="line" lang="plaintext"> - subject `CN=Yandex CA,OU=Yandex Certification Authority,O=Yandex LLC,C=RU', issuer `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', serial 0x00e40547830e0c6452976f7a3549c0dd48, RSA key 2048 bits, signed using RSA-SHA256, activated `2015-01-21 12:00:00 UTC', expires `2025-01-18 12:00:00 UTC', pin-sha256="LNFe+yc4/NZbJVynpxAeAd+brU3EPwGbtwF6VeUjI/Y="</span>
<span id="LC13" class="line" lang="plaintext">- Certificate[2] info:</span>
<span id="LC14" class="line" lang="plaintext"> - subject `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', issuer `CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL', serial 0x00939285400165715f947f288fefc99b28, RSA key 2048 bits, signed using RSA-SHA256, activated `2008-10-22 12:07:37 UTC', expires `2027-06-10 10:46:39 UTC', pin-sha256="qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU="</span>
<span id="LC15" class="line" lang="plaintext">|<2>| issuer in verification was not found or insecure; trying against trust list</span>
<span id="LC16" class="line" lang="plaintext">|<2>| GNUTLS_SEC_PARAM_MEDIUM: certificate's signature hash strength is unacceptable (is 80 bits, needed 112)</span>
<span id="LC17" class="line" lang="plaintext">- Status: The certificate is NOT trusted. The certificate chain uses insecure algorithm. </span>
<span id="LC18" class="line" lang="plaintext">*** PKI verification of server certificate failed...</span>
<span id="LC19" class="line" lang="plaintext">*** Fatal error: Error in the certificate.</span></code></pre>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">- Status: The certificate is trusted. </span>
<span id="LC2" class="line" lang="plaintext">- Description: (...)</span>
<span id="LC3" class="line" lang="plaintext">- Session ID: (...)</span>
<span id="LC4" class="line" lang="plaintext">- Options:</span>
<span id="LC5" class="line" lang="plaintext">- Handshake was completed</span>
<span id="LC6" class="line" lang="plaintext"></span>
<span id="LC7" class="line" lang="plaintext">- Simple Client Mode:</span></code></pre>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1202">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/-/sent_notifications/ae27ba07484d22b9f9e6e77852677b01/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1202"}}</script>
</p>
</div>
</body>
</html>