Bug#513922: Fails to verify good(?) signature

Simon Josefsson simon@josefsson.org
Mon Feb 2 14:54:18 UTC 2009

Joachim Breitner <nomeata@debian.org> writes:

> Hi Simon,
> Am Montag, den 02.02.2009, 15:40 +0100 schrieb Simon Josefsson:
>> > Package: libgnutls26
>> > Version: 2.4.2-5
>> > Severity: important
>> >
>> > Hi Andreas,
>> >
>> > with your recent upload of gnutls, this signature of a host with a
>> > recently generated cacert signature is no longer valid:
>> >
>> > $ gnutls-cli -VV fry.serverama.de -p 443 --x509cafile /etc/ssl/certs/ca-certificates.crt 
>> ...
>> > - Peer's certificate is NOT trusted
>> CACert's intermediate certificate is signed using RSA-MD5, so it won't
>> pass GnuTLS chain verification logic.
> Ah, ok, that explains it of course. I didn’t spot any MD5 in the verbose
> output, so I thought this was unexpected behavior.

Indeed.  It seems gnutls-cli uses its own way to print certificate
information.  I think it should use the GnuTLS standard certificate
formatting functions instead, and I'm looking into making that happen
for GnuTLS 2.7.x.  This will reduce duplicated code.

>> As a workaround, add the --insecure parameter.
>> We should probably consider back-porting Donald's logic to short-circuit
>> chain verification as soon as you have a trusted cert: then you could
>> choose to trust CACert's intermediate cert, and then there is no need to
>> rely on RSA-MD5 to trust this chain.  I'll test if the patch would help
>> in your situation.
> The error occurred when using subversion, and there I can just add
> the certificate directly to the trusted certificate ones, so from my
> PoV, there is no urgent need for this.

> It would be nice, though, especially if the intermediate certificate
> could be added to the ca-certificates package.

As far as I can tell, it is already present?

jas@mocca:~/src/gnutls master$ dpkg -L ca-certificates|grep cacert\\.org
jas@mocca:~/src/gnutls master$ 

However, merely adding the intermediate certificate to your trusted certs
won't help unless we back-port Donald's patch: right now GnuTLS will
always validate the entire chain (which will fail here), even if you
happen to trust some intermediate certs.
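The difference between the two verification policies discussed above (walk the whole chain to a root, versus stop as soon as a certificate in the chain is itself in the trust store), as an added illustration that is not part of the original message and is not GnuTLS's own code or API. Everything in it is constructed for the example: the CA names, the keys, and the toy "signature" scheme, where a keyed digest over the to-be-signed fields stands in for RSA-with-<digest> and the digest name plays the role of the signature algorithm. The same MD5-signed intermediate is presented under both policies and with both trust-store contents.

```python
"""Toy model of "verify the entire chain" versus "stop at the first trusted
certificate" when an intermediate is signed with MD5.

Constructed illustration code, not GnuTLS's implementation.  A "signature" is
digest(issuer_key || to-be-signed bytes); the digest name stands in for the
signature algorithm (md5 ~ RSA-MD5, sha256 ~ RSA-SHA256)."""
import hashlib
import hmac
from dataclasses import dataclass

# Digests the verifier refuses in a certificate signature.
WEAK_DIGESTS = {"md5"}


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_alg: str    # digest name standing in for the signature algorithm
    signature: str  # hex digest of issuer_key || tbs()

    def tbs(self) -> bytes:
        """The fields covered by the signature."""
        return f"{self.subject}|{self.issuer}|{self.sig_alg}".encode()


def issue(subject: str, issuer: str, sig_alg: str, issuer_key: bytes) -> Cert:
    """Toy stand-in for a CA signing a certificate."""
    unsigned = Cert(subject, issuer, sig_alg, "")
    sig = hashlib.new(sig_alg, issuer_key + unsigned.tbs()).hexdigest()
    return Cert(subject, issuer, sig_alg, sig)


def signature_ok(cert: Cert, issuer_key: bytes) -> bool:
    expected = hashlib.new(cert.sig_alg, issuer_key + cert.tbs()).hexdigest()
    return hmac.compare_digest(expected, cert.signature)


def verify_chain(chain, trust_anchors, keys, stop_at_trusted=False):
    """chain[0] is the server certificate and chain[i+1] issued chain[i].
    keys maps an issuer name to the (toy) key that checks what it signed.
    Returns (ok, reason)."""
    anchors = {c.subject: c for c in trust_anchors}
    for depth, cert in enumerate(chain):
        # Short-circuit policy: a certificate that is itself trusted is not
        # checked against its issuer, so its (possibly MD5) signature is moot.
        if stop_at_trusted and anchors.get(cert.subject) == cert:
            return True, f"stopped at trusted certificate '{cert.subject}' (depth {depth})"
        if cert.sig_alg in WEAK_DIGESTS:
            return False, f"'{cert.subject}' is signed with {cert.sig_alg.upper()}"
        issuer_key = keys.get(cert.issuer)
        if issuer_key is None or not signature_ok(cert, issuer_key):
            return False, f"signature on '{cert.subject}' does not verify"
        last = depth == len(chain) - 1
        if last and cert.issuer not in anchors:
            return False, f"issuer '{cert.issuer}' of '{cert.subject}' is not trusted"
        if not last and chain[depth + 1].subject != cert.issuer:
            return False, f"chain is broken after '{cert.subject}'"
    return True, "entire chain verified up to a trust anchor"


# Constructed sample PKI: names and keys are invented for this example.
KEYS = {
    "Example Root CA": b"root-key",
    "Example Class 3 CA": b"class3-key",
}
ROOT = issue("Example Root CA", "Example Root CA", "sha256", KEYS["Example Root CA"])
# The intermediate is signed with MD5, like the CAcert intermediate in the bug.
INTERMEDIATE = issue("Example Class 3 CA", "Example Root CA", "md5", KEYS["Example Root CA"])
SERVER = issue("www.example.test", "Example Class 3 CA", "sha256", KEYS["Example Class 3 CA"])
CHAIN = [SERVER, INTERMEDIATE]  # what the server sends; the root is not in the chain


def demo():
    """Run the same chain under both policies and both trust-store contents."""
    return {
        "full_chain_root_only": verify_chain(CHAIN, {ROOT}, KEYS),
        "full_chain_root_and_intermediate": verify_chain(CHAIN, {ROOT, INTERMEDIATE}, KEYS),
        "short_circuit_root_only": verify_chain(CHAIN, {ROOT}, KEYS, stop_at_trusted=True),
        "short_circuit_root_and_intermediate": verify_chain(
            CHAIN, {ROOT, INTERMEDIATE}, KEYS, stop_at_trusted=True),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:36s} {'trusted' if ok else 'NOT trusted'}: {why}")
```

Only the combination of the short-circuit policy and a trust store that contains the intermediate accepts the chain: under the full-chain policy the intermediate's MD5 signature is examined and refused whether or not the intermediate is trusted, which is the situation described above. The short-circuit does not weaken the leaf check: a server certificate that is itself MD5-signed, or whose signature does not verify under the intermediate's key, is still rejected before the trusted intermediate is reached.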