Bug#607616: libgnutls26: the GnuTLS searches CA certs by subject and stops on first? (fails on more CA with the same subj)

Vaclav Ovsik vaclav.ovsik at gmail.com
Mon Dec 20 10:19:17 UTC 2010


Package: libgnutls26
Version: 2.8.6-1
Severity: normal

Hi,
after renewing the intermediate CA certificate of our company CA I can't
connect to some servers using ldaps. GnuTLS validation is broken.
The renewed CA has the same subject as the previous one. The certs are accessible at
http://www.i.cz/ca/ (issued by MS CA).

  zito at bobek:/usr/share/ca-certificates/local$ openssl x509 -subject -dates -serial -noout -in ICZ-Issuing-CA.crt
  subject= /C=CZ/O=ICZ a.s./CN=ICZ Issuing CA
  notBefore=Oct 16 12:05:52 2007 GMT
  notAfter=Oct 16 12:15:52 2011 GMT
  serial=1101979C000000000002
  zito at bobek:/usr/share/ca-certificates/local$ openssl x509 -subject -dates -serial -noout -in ICZ-Issuing-CA-1.crt
  subject= /C=CZ/O=ICZ a.s./CN=ICZ Issuing CA
  notBefore=Oct 15 11:06:03 2010 GMT
  notAfter=Oct 15 11:16:03 2014 GMT
  serial=6106B6F4000000000003
  zito at bobek:/usr/share/ca-certificates/local$ 

I think it is legal to have subject DN the same for successive
certificates.

  zito at bobek:~$ grep ICZ /etc/ca-certificates.conf
  local/ICZ-Issuing-CA.crt
  local/ICZ-Issuing-CA-1.crt
  local/ICZ-Root-CA.crt
  zito at bobek:~$ sudo update-ca-certificates 
  Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d....
  updating keystore /etc/ssl/certs/java/cacerts...
  done.
  done.

According to the above, the old Issuing CA cert is now the first one.

Connection to a server with a cert issued by the new CA:

  zito at bobek:~$ gnutls-cli  --x509cafile /etc/ssl/certs/ca-certificates.crt  -p 636 foo.i.cz
  Processed 146 CA certificate(s).
  Resolving 'foo.i.cz'...
  Connecting to '10.0.0.2:636'...
  - Successfully sent 0 certificate(s) to server.
  - Server has requested a certificate.
  - Certificate type: X.509
   - Got a certificate list of 2 certificates.
   - Certificate[0] info:
    - subject `C=CZ,ST=Czech Republic,L=Prague,O=ICZ a.s.,CN=foo.i.cz', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', RSA key 2048 bits, signed using RSA-SHA, activated `2010-12-17 15:10:36 UTC', expires `2011-12-17 15:10:36 UTC', SHA-1 fingerprint `b92db94bb3386f9906c154879a2b6c6390e3a5af'
   - Certificate[1] info:
    - subject `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', RSA key 2048 bits, signed using RSA-SHA, activated `2010-10-15 11:06:03 UTC', expires `2014-10-15 11:16:03 UTC', SHA-1 fingerprint `b95fb82d16fe06c316465ac087b335ad3d938e99'
  - The hostname in the certificate matches 'foo.i.cz'.
  - Peer's certificate is NOT trusted
  - Version: TLS1.0
  - Key Exchange: RSA
  - Cipher: ARCFOUR-128
  - MAC: MD5
  - Compression: NULL
  *** Verifying server certificate failed...

Connection to a server with a cert issued by the old CA:

  zito at bobek:~$ gnutls-cli  --x509cafile /etc/ssl/certs/ca-certificates.crt  bar.i.cz
  Processed 146 CA certificate(s).
  Resolving 'bar.i.cz'...
  Connecting to '10.0.0.1:443'...
  - Ephemeral Diffie-Hellman parameters
   - Using prime: 1024 bits
   - Secret key: 1022 bits
   - Peer's public key: 1024 bits
  - Certificate type: X.509
   - Got a certificate list of 4 certificates.
   - Certificate[0] info:
    - subject `C=CZ,O=ICZ a.s.,OU=Machines,CN=bar.i.cz', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', RSA key 1024 bits, signed using RSA-SHA, activated `2010-08-16 08:59:50 UTC', expires `2011-08-16 08:59:50 UTC', SHA-1 fingerprint `5a1d9f505fdc80e46b3e6594b1eed80a3b95a523'
   - Certificate[1] info:
    - subject `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', RSA key 2048 bits, signed using RSA-SHA, activated `2007-10-16 08:06:26 UTC', expires `2014-10-16 08:15:03 UTC', SHA-1 fingerprint `ea02ef9e4bc20f822a9bd2adb4dc263749f89241'
   - Certificate[2] info:
    - subject `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', RSA key 2048 bits, signed using RSA-SHA, activated `2007-10-16 12:05:52 UTC', expires `2011-10-16 12:15:52 UTC', SHA-1 fingerprint `daa9c584ba23020fc9c3d266a2ba65d739e9f5f4'
   - Certificate[3] info:
    - subject `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', RSA key 2048 bits, signed using RSA-SHA, activated `2010-10-15 11:06:03 UTC', expires `2014-10-15 11:16:03 UTC', SHA-1 fingerprint `b95fb82d16fe06c316465ac087b335ad3d938e99'
  - The hostname in the certificate matches 'bar.i.cz'.
  - Peer's certificate is trusted
  - Version: TLS1.0
  - Key Exchange: DHE-RSA
  - Cipher: AES-128-CBC
  - MAC: SHA1
  - Compression: NULL
  - Handshake was completed
  
  - Simple Client Mode:


Reordering the Issuing CA certs so the new CA will be first...

  zito at bobek:~$ grep ICZ /etc/ca-certificates.conf
  local/ICZ-Issuing-CA-1.crt
  local/ICZ-Issuing-CA.crt
  local/ICZ-Root-CA.crt
  zito at bobek:~$ sudo update-ca-certificates 
  Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d....
  updating keystore /etc/ssl/certs/java/cacerts...
  done.
  done.

Connection to a server with a cert issued by the new CA:

  zito at bobek:~$ gnutls-cli  --x509cafile /etc/ssl/certs/ca-certificates.crt  -p 636 foo.i.cz
  Processed 146 CA certificate(s).
  Resolving 'foo.i.cz'...
  Connecting to '10.0.0.2:636'...
  - Successfully sent 0 certificate(s) to server.
  - Server has requested a certificate.
  - Certificate type: X.509
   - Got a certificate list of 2 certificates.
   - Certificate[0] info:
    - subject `C=CZ,ST=Czech Republic,L=Prague,O=ICZ a.s.,CN=foo.i.cz', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', RSA key 2048 bits, signed using RSA-SHA, activated `2010-12-17 15:10:36 UTC', expires `2011-12-17 15:10:36 UTC', SHA-1 fingerprint `b92db94bb3386f9906c154879a2b6c6390e3a5af'
   - Certificate[1] info:
    - subject `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', RSA key 2048 bits, signed using RSA-SHA, activated `2010-10-15 11:06:03 UTC', expires `2014-10-15 11:16:03 UTC', SHA-1 fingerprint `b95fb82d16fe06c316465ac087b335ad3d938e99'
  - The hostname in the certificate matches 'foo.i.cz'.
  - Peer's certificate is trusted
  - Version: TLS1.0
  - Key Exchange: RSA
  - Cipher: ARCFOUR-128
  - MAC: MD5
  - Compression: NULL
  - Handshake was completed
  
  - Simple Client Mode:


Connection to a server with a cert issued by the old CA:

  zito at bobek:~$ gnutls-cli  --x509cafile /etc/ssl/certs/ca-certificates.crt  bar.i.cz
  Processed 146 CA certificate(s).
  Resolving 'bar.i.cz'...
  Connecting to '10.0.0.1:443'...
  - Ephemeral Diffie-Hellman parameters
   - Using prime: 1024 bits
   - Secret key: 1022 bits
   - Peer's public key: 1022 bits
  - Certificate type: X.509
   - Got a certificate list of 4 certificates.
   - Certificate[0] info:
    - subject `C=CZ,O=ICZ a.s.,OU=Machines,CN=bar.i.cz', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', RSA key 1024 bits, signed using RSA-SHA, activated `2010-08-16 08:59:50 UTC', expires `2011-08-16 08:59:50 UTC', SHA-1 fingerprint `5a1d9f505fdc80e46b3e6594b1eed80a3b95a523'
   - Certificate[1] info:
    - subject `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', RSA key 2048 bits, signed using RSA-SHA, activated `2007-10-16 08:06:26 UTC', expires `2014-10-16 08:15:03 UTC', SHA-1 fingerprint `ea02ef9e4bc20f822a9bd2adb4dc263749f89241'
   - Certificate[2] info:
    - subject `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', RSA key 2048 bits, signed using RSA-SHA, activated `2007-10-16 12:05:52 UTC', expires `2011-10-16 12:15:52 UTC', SHA-1 fingerprint `daa9c584ba23020fc9c3d266a2ba65d739e9f5f4'
   - Certificate[3] info:
    - subject `C=CZ,O=ICZ a.s.,CN=ICZ Issuing CA', issuer `C=CZ,O=ICZ a.s.,CN=ICZ Root CA', RSA key 2048 bits, signed using RSA-SHA, activated `2010-10-15 11:06:03 UTC', expires `2014-10-15 11:16:03 UTC', SHA-1 fingerprint `b95fb82d16fe06c316465ac087b335ad3d938e99'
  - The hostname in the certificate matches 'bar.i.cz'.
  - Peer's certificate is NOT trusted
  - Version: TLS1.0
  - Key Exchange: DHE-RSA
  - Cipher: AES-128-CBC
  - MAC: SHA1
  - Compression: NULL
  *** Verifying server certificate failed...


Hostnames and IP addresses were substituted...

As you can see, reordering the CA certificates can't work.
OpenSSL s_client handles this situation correctly.
Best regards
-- 
Zito

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgnutls26 depends on:
ii  libc6                   2.11.2-7         Embedded GNU C Library: Shared lib
ii  libgcrypt11             1.4.5-2          LGPL Crypto library - runtime libr
ii  libtasn1-3              2.7-1            Manage ASN.1 structures (runtime)
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

libgnutls26 recommends no packages.

Versions of packages libgnutls26 suggests:
ii  gnutls-bin                    2.8.6-1    the GNU TLS library - commandline 

-- no debconf information
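The lookup the report describes (take the first trusted CA whose subject DN matches the leaf's issuer DN, rather than trying every CA with that subject and checking which key actually signed the leaf), modelled as an added example that is not part of the bug report or of GnuTLS. It uses the third-party Python `cryptography` package and constructs its own throwaway root, two intermediates sharing one subject DN (like the renewed "ICZ Issuing CA"), and a leaf signed by the newer one.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def make_cert(cn, is_ca, signer_key=None, issuer=None):
    """Constructed test cert: self-signed when signer_key is None, else signed by signer_key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name)
            .issuer_name(issuer if issuer is not None else name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(signer_key if signer_key is not None else key, hashes.SHA256()))
    return key, cert

def signed_by(cert, issuer_cert):
    """True only if issuer_cert's public key verifies cert's signature over its TBS bytes."""
    try:
        issuer_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                        padding.PKCS1v15(), cert.signature_hash_algorithm)
        return True
    except InvalidSignature:
        return False

def first_match_lookup(cert, store):
    """Subject-DN-only lookup that stops at the first hit: the behaviour the report describes."""
    return next((ca for ca in store if ca.subject == cert.issuer), None)

def verified_lookup(cert, store):
    """Try every CA whose subject matches and keep the one whose key really signed cert."""
    return next((ca for ca in store if ca.subject == cert.issuer and signed_by(cert, ca)), None)

def build_scenario():
    """Constructed PKI: one root, old and new intermediates with the same DN, leaf from the new one."""
    root_key, root = make_cert("ICZ Root CA", True)
    _, old_ca = make_cert("ICZ Issuing CA", True, root_key, root.subject)
    new_key, new_ca = make_cert("ICZ Issuing CA", True, root_key, root.subject)
    _, leaf = make_cert("foo.i.cz", False, new_key, new_ca.subject)
    return old_ca, new_ca, leaf

if __name__ == "__main__":
    old_ca, new_ca, leaf = build_scenario()
    for store in ([old_ca, new_ca], [new_ca, old_ca]):  # same bundle, two orders
        first = first_match_lookup(leaf, store)
        print("old CA first" if store[0] == old_ca else "new CA first", "| first-match verifies:",
              signed_by(leaf, first), "| try-all verifies:", verified_lookup(leaf, store) == new_ca)
```

With the old CA first in the store, the first-match lookup picks a CA whose key does not verify the leaf, while the try-all lookup still finds the right issuer; swapping the order makes the first-match lookup succeed for this leaf but would fail for a leaf issued by the old CA, which is exactly the flip the report shows.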