Bug#885127: GnuTLS update breaks self-signed certificates

Andreas Metzler ametzler at bebt.de
Sat Dec 30 06:34:21 UTC 2017


On 2017-12-29 Daniel Kahn Gillmor <dkg at debian.org> wrote:
> On Fri 2017-12-29 14:38:14 +0200, Rémi Denis-Courmont wrote:
>> The version of GnuTLS in Debian incorrectly flags self-signed
>> certificates as insecure certificate chain algorithm. This makes no
>> sense; the flag is for certificate chains using insecure algorithms
>> such as MD2, MD5 and SHA-1.

> sorry, i'm having a hard time seeing this.  In the example you give below:

>> This is reproducible also with gnutls-bin (both with Debian and upstream 
>> GnuTLS):
[...]
>> - Status: The certificate is NOT trusted. The certificate issuer is unknown. 
>> The certificate chain uses insecure algorithm. 
>> *** PKI verification of server certificate failed...
>> *** Fatal error: Error in the certificate.
>> *** handshake has failed: Error in the certificate.


> the error says "The certificate issuer is unknown", which is surely the
> *correct* response for a self-signed certificate when you haven't added
> that certificate to your list of X.509 root authorities.
[...]

Daniel, I agree that "The certificate issuer is unknown" would be the
correct error message. However gnutls *additionally* throws an "The
certificate chain uses insecure algorithm." And the latter is afaict
wrong. There is no insecure algorithm involved, the self-signature uses
"RSA-SHA256". (I had tried to make this clear with Actual
results/Expected results in the upstream report.)

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


