GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT breaks certificate verification
nmav at gnutls.org
Tue Oct 30 14:17:49 CET 2012
On Tue, Oct 30, 2012 at 10:04 AM, Michal Suchanek <hramrach at gmail.com> wrote:
> when this flag is set some certificates cannot be verified.
> hermes.jabber.org sends a certificate chain laid out like
> S R I where S is the server certificate, R is root certificate, and I
> is intermediate certificate which signs S and is signed by R. R is
> known CA.
> gnutls-cli version 2.8.6, 3.0.20 and 3.0.22 cannot verify the
> certificate. gnutls-cli version 3.1.3 can.
> Upgrading gnutls to 3.1 does not enable an application to verify
> certificate unless the code setting GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
> is disabled in the application.
The GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is a dangerous flag and you
shouldn't use it unless you really know the consequences. In short it
means that an end-user certificate may pretend to be a CA.
Now for the issue you see. It is because you do not set the flag
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. If you set this flag then unsorted
chains will be sorted prior to verification. The reason you see this
failure is because this flag is enabled by default on a credentials
structure, unless it is overridden by other flags as you do.
More information about the Gnutls-help