[gnutls-help] Problem with OCSP status in gnutls-cli

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Fri Dec 15 15:52:36 CET 2017

On Wed, Dec 13, 2017 at 1:26 PM, Johannes Bauer <dfnsonfsduifb at gmx.de> wrote:
> Hi Nikos,
> On 13.12.2017 12:46, Nikos Mavrogiannopoulos wrote:
>>> So, for now, this works as a workaround for me -- but I do think that is
>>> unintended behavior on gnuTLS' side, isn't it?
>> I'm not sure. There is already a test for that (see
>> tests/ocsp-tests/ocsp-tls-connection) and gnutls-cli seems to be able
>> to connect. Could you help me by providing a reproducer to the issue?
> Sure thing! I've created a blob, ocsp_reproducer.tar.gz (attached at
> bottom), that contains all certificates and an OCSP response which I
> crafted to be valid for a year. It relies on OpenSSL (possibly 1.1,
> don't know when the -status_file option was added). Here's how it works:

Thank you. I checked it further and it seems that openssl s_client
doesn't seem to check/verify any OCSP responses given. That's why you
see it working on that server.

gnutls attempts OCSP verification with the following steps:
1. reads the included certificates in the OCSP response.
 [no such certs are included in that response]
2. If that fails, it extracts the DN of the OCSP signer and search the
included trusted list based on DN.
 [no DN is included in the OCSP response; only a hash of the DN]
3. If all of the above fails, it will try to verify against the
client's issuer certificate in the presented chain.
 [fails because the server chain doesn't include its issuer]

Did you generate this OCSP response based on some rules which
suggested to have it that way? I suspect it would be possible to
extend the trust database searching (in gnutls and p11-kit as well)
using SHA1 hash of fields, but that would not be a trivial change.


OCSP Response Information:
    Response Status: Successful
    Response Type: Basic OCSP Response
    Version: 1
    Responder Key ID: 4d5ddb9d963896e0f16028fabd2a8f8e083329c6
    Produced At: Wed Dec 13 12:12:05 UTC 2017
        Certificate ID:
            Hash Algorithm: SHA1
            Issuer Name Hash: b731f8dc9366b6a1b427daa84e53909fa28b9a71
            Issuer Key Hash: 4d5ddb9d963896e0f16028fabd2a8f8e083329c6
            Serial Number: 6313d7d35516497c5e48d7dff323724a
        Certificate Status: good
        This Update: Wed Dec 13 09:12:05 UTC 2017
        Next Update: Thu Dec 13 12:12:05 UTC 2018

More information about the Gnutls-help mailing list