Bug#782630: libgnutls26: Issue parsing some server certificates

Benoît Allard benoit.allard at greenbone.net
Wed Apr 15 07:57:14 UTC 2015 

Package: libgnutls26
Version: 2.12.20-8+deb7u2
Severity: important

Dear Maintainer,

I discovered that gnutls on wheezy is having trouble parsing some server
certificates. If I add the leaf certificate to my list of CA it works
fine, but with the (provided by ca-certificates) CA, it refuses to
establish the connection.

The issue can be reproduced with::

    wget https://oval.mitre.org/rep-data/5.10/org.mitre.oval/m/oval.xml

Which goes wrong (unknown issuer). The following goes well (Where
``EntrustCertificationAuthority-L1K`` is a local copy of the ``Entrust
Certification Authority - L1K`` certificate)::

    wget https://oval.mitre.org/rep-data/5.10/org.mitre.oval/m/oval.xml
--ca-certificate=EntrustCertificationAuthority-L1K

GnuTLS seems to be unable to parse the certificate for "Entrust Root
Certification Authority - G2" correctly.

A similar trouble seems to be described here:
http://www.linuxquestions.org/questions/debian-26/wget-certificate-error-4175495817/

Let me know If I can provide you with more information.

Best Regards,
Ben.

[ This issue was reported to the GnuTLS Maintainer ML here first:
http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/2015-April/006457.html]

Information:
Debian Release: 7.8
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgnutls26 depends on:
ii  libc6              2.13-38+deb7u8
ii  libgcrypt11        1.5.0-5+deb7u2
ii  libp11-kit0        0.20.2-1~bpo70+1
ii  libtasn1-3         2.13-2+deb7u1
ii  multiarch-support  2.13-38+deb7u8
ii  zlib1g             1:1.2.7.dfsg-13

libgnutls26 recommends no packages.

libgnutls26 suggests no packages.

-- no debconf information

-- 
Benoît Allard (B30A05B0)|Greenbone Networks GmbH|http://greenbone.net
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20150415/c4d0a9a2/attachment.sig>

More information about the Pkg-gnutls-maint mailing list