Bug#885127: GnuTLS update breaks self-signed certificates
Daniel Kahn Gillmor
dkg at debian.org
Fri Dec 29 21:32:37 UTC 2017
Control: tags 885127 + moreinfo unreproducible
On Fri 2017-12-29 14:38:14 +0200, Rémi Denis-Courmont wrote:
> The version of GnuTLS in Debian incorrectly flags self-signed certificates as
> insecure certificate chain algorithm. This makes no sense; the flag is for
> certificate chains using insecure algorithms such as MD2, MD5 and SHA-1.
sorry, i'm having a hard time seeing this. In the example you give below:
> This is reproducible also with gnutls-bin (both with Debian and upstream
> GnuTLS):
>
> # gnutls-cli self-signed.badssl.com
> Processed 148 CA certificate(s).
> Resolving 'self-signed.badssl.com:443'...
> Connecting to '104.154.89.105:443'...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject `CN=*.badssl.com,O=BadSSL,L=San Francisco,ST=California,C=US',
> issuer `CN=*.badssl.com,O=BadSSL,L=San Francisco,ST=California,C=US', serial
> 0x0086fb4dc8e5dd0f18, RSA key 2048 bits, signed using RSA-SHA256, activated
> `2016-08-08 21:17:05 UTC', expires `2018-08-08 21:17:05 UTC', pin-
> sha256="9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8="
> Public Key ID:
> sha1:7965dfc93c6ae6fe8381ec482216ec44ef47282a
> sha256:f522e496c72fccc623f1ffb9da5a79cdefe16340851f22d23d0cd2a58608066f
> Public Key PIN:
> pin-sha256:9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8=
> Public key's random art:
> +--[ RSA 2048]----+
> | |
> | . |
> | o . . o |
> | = o o o .o..|
> | + + S o . .=.|
> | E . + o + o .. .|
> | . . . + o +o |
> | . .+. . |
> | .o...|
> +-----------------+
>
> - Status: The certificate is NOT trusted. The certificate issuer is unknown.
> The certificate chain uses insecure algorithm.
> *** PKI verification of server certificate failed...
> *** Fatal error: Error in the certificate.
> *** handshake has failed: Error in the certificate.
the error says "The certificate issuer is unknown", which is surely the
*correct* response for a self-signed certificate when you haven't added
that certificate to your list of X.509 root authorities.
In the forwarded bug report
(https://gitlab.com/gnutls/gnutls/issues/347), Andreas says:
>>> a) gnutls-cli self-signed.badssl.com
>>> b) Generate a test-cert with "certtool --generate-self-signed " with
>>> default algorithms and use gnutls-serv/gnutls-cli
(though presumably not in that order)
well, i tried that, and things still worked for me.
in particular, to generate the self-signed certificate, i did:
    certtool --generate-privkey --outfile key.pem
    certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem
when answering the questions in the second invocation, i just hit enter
on everything except:
    Common name: bad.example
    The certificate will expire in (days): 30
    Is this a TLS web server certificate? (y/N): y
    Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): n
Once that was done, i pointed bad.example to 127.0.0.1 in /etc/hosts,
launched the server with:
    gnutls-serv --x509keyfile key.pem --x509certfile cert.pem
and then connected with the client like so:
    gnutls-cli --x509cafile cert.pem bad.example:5556
everything worked successfully.
Can you give a clearer example of the problem you're seeing? I don't
see anything broken in my tests.
--dkg
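
Added example (not part of the original message and not GnuTLS project code): a non-interactive version of the test described above, with a certtool template standing in for the interactive answers and a gnutls-cli handshake tried both without and with --x509cafile. It assumes gnutls-bin is installed and bad.example maps to 127.0.0.1 in /etc/hosts; the function names and the signing_key line (taken to be the interactive default) are assumptions.

```shell
#!/bin/sh
# Added example: scripted form of the certtool / gnutls-serv / gnutls-cli test.
# Assumes gnutls-bin is installed and bad.example resolves to 127.0.0.1.

# Write a certtool template holding the answers given interactively.
# signing_key is assumed to match the default answer; encryption_key is
# left out because the encryption question was answered "n".
write_template() {
    cat > "$1" <<'EOF'
cn = "bad.example"
expiration_days = 30
tls_www_server
signing_key
EOF
}

# Attempt one handshake; extra arguments are passed to gnutls-cli.
# Prints "trusted" if verification succeeded, "rejected" otherwise.
try_client() {
    if gnutls-cli "$@" bad.example:5556 </dev/null >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

repro() {
    dir=$(mktemp -d) || return 1
    write_template "$dir/cert.cfg"
    certtool --generate-privkey --outfile "$dir/key.pem" 2>/dev/null
    certtool --generate-self-signed --load-privkey "$dir/key.pem" \
        --template "$dir/cert.cfg" --outfile "$dir/cert.pem" 2>/dev/null
    # gnutls-serv listens on its default port, 5556, as in the message.
    gnutls-serv --x509keyfile "$dir/key.pem" --x509certfile "$dir/cert.pem" \
        >/dev/null 2>&1 &
    srv=$!
    sleep 1
    echo "system trust store only:    $(try_client)"
    echo "with --x509cafile cert.pem: $(try_client --x509cafile "$dir/cert.pem")"
    kill "$srv"
    rm -rf "$dir"
}

# Run the full test only when asked, so the functions can also be sourced.
if [ "${1:-}" = "run" ]; then repro; fi
```

Invoke it as "sh repro.sh run"; the two result lines show whether the self-signed certificate is accepted only when it is supplied as a trust anchor.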