<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p class="details" style="font-style: italic; color: #666;">
<a href="https://gitlab.com/romankulikov">Roman Kulikov</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1255">#1255</a>
</p>
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">gnutls treats certificates as invalid if the trust store contains a cert with duplicate extensions. It looks like in such a case, when gnutls loads certs from the trust store and meets one with duplicate extensions, it aborts the whole load and finally has zero trusted CA certs for the verification procedure.</p>
<p dir="auto">I hit this problem after the recent update of Homebrew on my macOS 11.4, when openconnect, which uses gnutls, stopped connecting to the VPN server. Digging deeper showed that the trust store was rebuilt with the System keychain, which contains a "com.apple.kerberos.kdc" certificate with two "Extended Key Usage" extensions on my system.</p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto">3.6.16</p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">Homebrew (macOS 11.4)</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">Here I'm using the gnutls repository as a source of certificates, and the gnutls-certtool binary from the Homebrew installation.</p>
<p dir="auto">Steps to Reproduce:</p>
<ul dir="auto">
<li>Checkout gnutls repo
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ git clone https://github.com/gnutls/gnutls.git &amp;&amp; cd gnutls</span></code></pre>
</li>
<li>Generate test certificate
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ gnutls-certtool --generate-privkey --bits 4096 --outfile test.key</span>
<span id="LC2" class="line" lang="plaintext">** Note: You may use '--sec-param High' instead of '--bits 4096'</span>
<span id="LC3" class="line" lang="plaintext">Generating a 4096 bit RSA private key...</span>
<span id="LC4" class="line" lang="plaintext">$ gnutls-certtool --generate-certificate --load-ca-certificate tests/ocsp-tests/certs/ca.pem --load-ca-privkey tests/ocsp-tests/certs/ca.key --load-privkey test.key --outfile test.pem</span>
<span id="LC5" class="line" lang="plaintext">Generating a signed certificate...</span>
<span id="LC6" class="line" lang="plaintext">Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.</span>
<span id="LC7" class="line" lang="plaintext">Common name: test</span>
<span id="LC8" class="line" lang="plaintext">UID: </span>
<span id="LC9" class="line" lang="plaintext">Organizational unit name: test</span>
<span id="LC10" class="line" lang="plaintext">Organization name: test</span>
<span id="LC11" class="line" lang="plaintext">Locality name: </span>
<span id="LC12" class="line" lang="plaintext">State or province name: </span>
<span id="LC13" class="line" lang="plaintext">Country name (2 chars): </span>
<span id="LC14" class="line" lang="plaintext">Enter the subject's domain component (DC): </span>
<span id="LC15" class="line" lang="plaintext">This field should not be used in new certificates.</span>
<span id="LC16" class="line" lang="plaintext">E-mail: </span>
<span id="LC17" class="line" lang="plaintext">Enter the certificate's serial number in decimal (123) or hex (0xabcd)</span>
<span id="LC18" class="line" lang="plaintext">(default is 0x0410fb0070d12440dfb74d2b867ac95584006b7d)</span>
<span id="LC19" class="line" lang="plaintext">value: </span>
<span id="LC20" class="line" lang="plaintext"></span>
<span id="LC21" class="line" lang="plaintext"></span>
<span id="LC22" class="line" lang="plaintext">Activation/Expiration time.</span>
<span id="LC23" class="line" lang="plaintext">The certificate will expire in (days): 1</span>
<span id="LC24" class="line" lang="plaintext"></span>
<span id="LC25" class="line" lang="plaintext"></span>
<span id="LC26" class="line" lang="plaintext">Extensions.</span>
<span id="LC27" class="line" lang="plaintext">Does the certificate belong to an authority? (y/N): N</span>
<span id="LC28" class="line" lang="plaintext">Is this a TLS web client certificate? (y/N): N</span>
<span id="LC29" class="line" lang="plaintext">Will the certificate be used for IPsec IKE operations? (y/N): N</span>
<span id="LC30" class="line" lang="plaintext">Is this a TLS web server certificate? (y/N): y</span>
<span id="LC31" class="line" lang="plaintext">Enter a dnsName of the subject of the certificate: test</span>
<span id="LC32" class="line" lang="plaintext">Enter an additional dnsName of the subject of the certificate: </span>
<span id="LC33" class="line" lang="plaintext">Enter a URI of the subject of the certificate: </span>
<span id="LC34" class="line" lang="plaintext">Enter the IP address of the subject of the certificate: </span>
<span id="LC35" class="line" lang="plaintext">Will the certificate be used for signing (DHE ciphersuites)? (Y/n): n</span>
<span id="LC36" class="line" lang="plaintext">Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): n</span>
<span id="LC37" class="line" lang="plaintext">Will the certificate be used for data encryption? (y/N): N</span>
<span id="LC38" class="line" lang="plaintext">Will the certificate be used to sign OCSP requests? (y/N): N</span>
<span id="LC39" class="line" lang="plaintext">Will the certificate be used to sign code? (y/N): </span>
<span id="LC40" class="line" lang="plaintext">Will the certificate be used for time stamping? (y/N): N</span>
<span id="LC41" class="line" lang="plaintext">Will the certificate be used for email protection? (y/N): N</span>
<span id="LC42" class="line" lang="plaintext">&lt;...skipped...&gt;</span>
<span id="LC43" class="line" lang="plaintext">Signing certificate...</span></code></pre>
</li>
<li>Test new cert is ok:
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ cp tests/ocsp-tests/certs/ca.pem trust-store.pem</span>
<span id="LC2" class="line" lang="plaintext">$ gnutls-certtool --load-ca-certificate trust-store.pem --verify --infile test.pem</span>
<span id="LC3" class="line" lang="plaintext">Loaded CAs (1 available)</span>
<span id="LC4" class="line" lang="plaintext"> Subject: O=test,OU=test,CN=test</span>
<span id="LC5" class="line" lang="plaintext"> Issuer: CN=Testing Authority</span>
<span id="LC6" class="line" lang="plaintext"> Checked against: CN=Testing Authority</span>
<span id="LC7" class="line" lang="plaintext"> Signature algorithm: RSA-SHA256</span>
<span id="LC8" class="line" lang="plaintext"> Output: Verified. The certificate is trusted. </span>
<span id="LC9" class="line" lang="plaintext"></span>
<span id="LC10" class="line" lang="plaintext">Chain verification output: Verified. The certificate is trusted.</span></code></pre>
</li>
<li>Add the certificate with duplicate extensions to the trust store and check our cert:
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ cat tests/cert-tests/data/dup-exts.pem >>trust-store.pem</span>
<span id="LC2" class="line" lang="plaintext">$ gnutls-certtool --load-ca-certificate trust-store.pem --verify --infile test.pem</span></code></pre>
</li>
</ul>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<p dir="auto">Test certificate is considered invalid:</p>
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">Note that no verification profile was selected. In the future the medium profile will be enabled by default.</span>
<span id="LC2" class="line" lang="plaintext">Use --verify-profile low to apply the default verification of NORMAL priority string.</span>
<span id="LC3" class="line" lang="plaintext">gnutls_x509_trust_add_trust_file: Duplicate extension in X.509 certificate.</span></code></pre>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">The test certificate is considered valid because the trust store does contain a proper valid CA certificate.</p>

</div>
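<p dir="auto">Added example, not part of the original issue and not GnuTLS code: a standard-library Python check that walks every certificate in a PEM bundle and reports extension OIDs occurring more than once, the condition behind the "Duplicate extension in X.509 certificate" error in the report. All function names are hypothetical, and the sample bundle consists of constructed, unsigned certificate skeletons.</p>

```python
import base64, re
from collections import Counter

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags)."""
    i = 0
    while len(buf) > i:
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n >= 0x80:                      # long-form length: next (n & 0x7F) bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        yield tag, buf[i:i + n]
        i += n

def oid_str(raw):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, v = [], 0
    for b in raw:
        v = v * 128 + (b & 0x7F)
        if not b & 0x80:                   # high bit clear: last byte of this arc
            arcs, v = arcs + [v], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def duplicate_extensions(cert_der):
    """Dotted OIDs that appear more than once in a certificate's extensions."""
    _, tbs = next(tlvs(next(tlvs(cert_der))[1]))   # Certificate -> tbsCertificate
    for tag, val in tlvs(tbs):
        if tag == 0xA3:                            # [3] EXPLICIT Extensions
            _, ext_seq = next(tlvs(val))
            oids = [oid_str(next(tlvs(ext))[1]) for _, ext in tlvs(ext_seq)]
            return sorted(o for o, c in Counter(oids).items() if c > 1)
    return []

def scan_bundle(pem_text):
    """Map 0-based certificate index in a PEM bundle to its duplicated OIDs."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    found = ((i, duplicate_extensions(base64.b64decode(b))) for i, b in enumerate(blocks))
    return {i: dups for i, dups in found if dups}

# Constructed sample: unsigned certificate skeletons, just enough DER for the walker.
def der_tlv(tag, *parts):
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)  # short-form length only

def skeleton_pem(ext_oids):
    exts = [der_tlv(0x30, der_tlv(0x06, oid), der_tlv(0x04, b"\x30\x00")) for oid in ext_oids]
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")), der_tlv(0x02, b"\x01"), der_tlv(0xA3, der_tlv(0x30, *exts)))
    der = der_tlv(0x30, tbs, der_tlv(0x30), der_tlv(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"

EKU, BASIC = b"\x55\x1d\x25", b"\x55\x1d\x13"   # 2.5.29.37 (Extended Key Usage), 2.5.29.19
SAMPLE_BUNDLE = skeleton_pem([BASIC]) + skeleton_pem([EKU, BASIC, EKU])
```

<p dir="auto">Passing the text of a bundle such as trust-store.pem to <code>scan_bundle</code> returns the position of each entry that carries a repeated extension, so that entry can be left out when the bundle is rebuilt.</p>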
</body>
</html>