[Help-gnutls] Re: gnutls fails to verify server certificate while openssl works

Peter Volkov pva at gentoo.org
Sat Oct 4 11:59:57 CEST 2008


CC'ing openssl developers for their opinions, since I think this
behavior better to have consistent or configurable. Description of the
problem is here:

http://thread.gmane.org/gmane.network.gnutls.general/1383

On Fri, 03/10/2008 at 17:51 +0200, Simon Josefsson wrote:
> Peter Volkov <pva at gentoo.org> writes:
> > peter at camobap ~ $ /usr/bin/gnutls-cli -V \
> >   --x509cafile /usr/share/ca-certificates/mozilla/ValiCert_Class_2_VA.crt \
> >     metasploit.com > gnutls-cli.out
> 
> The certificate chain returned by that server appears to be:
> 
> cert[0]
>  # Subject's DN: O=metasploit.com,OU=Domain Control Validated,CN=metasploit.com
>  # Issuer's DN: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure Certification Authority,serialNumber=07969287
> 
> cert[1]
>  # Subject's DN: C=US,O=The Go Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority
>  # Issuer's DN: L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert Class 2 Policy Validation Authority,CN=http://www.valicert.com/,EMAIL=info@valicert.com
> 
> cert[2]
>  # Subject's DN: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure Certification Authority,serialNumber=07969287
>  # Issuer's DN: C=US,O=The Go Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority
> 
> As far as I can tell, that isn't a valid certificate chain.  The issuer
> of the first, end-entity, certificate isn't the subject of the middle
> certificate in the chain.  It seems as if the final two certificates in
> the chain are swapped.
> 
> According to RFC 4346 (earlier TLS specifications contains similar
> wording):
> 
>    certificate_list
>       This is a sequence (chain) of X.509v3 certificates.  The sender's
>       certificate must come first in the list.  Each following
>       certificate must directly certify the one preceding it.  Because
>                   ^^^^
>       certificate validation requires that root keys be distributed
>       independently, the self-signed certificate that specifies the root
>       certificate authority may optionally be omitted from the chain,
>       under the assumption that the remote end must already possess it
>       in order to validate it in any case.
> 
> So I'd say this is a server configuration error.

Simon, I agree that this is a configuration issue. But since openssl does
validate this chain and people use openssl to check server
configuration, I'm not sure what should be done here. Possibly openssl
should report this wrong certificate chain. Or maybe gnutls
should have an option to warn but still validate this chain? Or maybe
openssl should not validate such chains at all (seems the best solution as
it's always good to follow RFCs)?


P.S. Since both the openssl and gnutls mailing lists require subscription,
here are links to the subscription forms:
http://lists.gnu.org/mailman/listinfo/help-gnutls
http://www.openssl.org/support/

-- 
Peter.
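As an added illustration (not code from this thread or from either project), here is a strict check of the RFC 4346 ordering rule quoted above, beside a simplified lenient path builder that looks up each issuer anywhere in the supplied list; this is only a model of the two behaviours discussed, not OpenSSL's or GnuTLS's actual verifier. The DNs are copied from the quoted gnutls-cli output; no signatures or keys are involved.

```python
# Constructed example: RFC 4346 certificate_list ordering vs. lenient path building.
# Only subject/issuer DNs are modelled, taken from the chain quoted in the thread.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

GODADDY_SECURE = ("C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\\, Inc.,"
                  "OU=http://certificates.godaddy.com/repository,"
                  "CN=Go Daddy Secure Certification Authority,serialNumber=07969287")
GODADDY_CLASS2 = "C=US,O=The Go Daddy Group\\, Inc.,OU=Go Daddy Class 2 Certification Authority"
VALICERT_CLASS2 = ("L=ValiCert Validation Network,O=ValiCert\\, Inc.,"
                   "OU=ValiCert Class 2 Policy Validation Authority,"
                   "CN=http://www.valicert.com/,EMAIL=info@valicert.com")

# The chain exactly as the server sent it (cert[0], cert[1], cert[2] in the thread).
SERVER_CHAIN = [
    Cert("O=metasploit.com,OU=Domain Control Validated,CN=metasploit.com", GODADDY_SECURE),
    Cert(GODADDY_CLASS2, VALICERT_CLASS2),
    Cert(GODADDY_SECURE, GODADDY_CLASS2),
]

def strict_chain_ok(chain):
    """RFC 4346 rule: each following certificate must directly certify the
    one preceding it. Returns the index of the first break, or None if valid."""
    for i in range(1, len(chain)):
        if chain[i].subject != chain[i - 1].issuer:
            return i
    return None

def build_path(chain, trusted_subjects):
    """Lenient model: start at the end-entity cert and find each issuer anywhere
    in the list, stopping once the issuer is a trusted (locally held) root.
    Returns the ordered path, or None if no issuer can be found."""
    by_subject = {c.subject: c for c in chain}
    path, cur, seen = [chain[0]], chain[0], {chain[0].subject}
    while cur.issuer not in trusted_subjects:
        nxt = by_subject.get(cur.issuer)
        if nxt is None or nxt.subject in seen:   # missing issuer or a loop
            return None
        path.append(nxt); seen.add(nxt.subject); cur = nxt
    return path

if __name__ == "__main__":
    print("strict check breaks at index:", strict_chain_ok(SERVER_CHAIN))
    print("lenient path order:", [SERVER_CHAIN.index(c) for c in
                                  build_path(SERVER_CHAIN, {VALICERT_CLASS2})])
```

The strict check stops at cert[1] because its subject is not the issuer of cert[0], while the lenient builder still reaches the ValiCert root via the order 0, 2, 1; a server-side check that runs the strict version catches this misconfiguration before a stricter client does.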
