Bug#1007138: libgnutls30: fails on Let's Encrypt chains due to blacklisted expired root certificate

[Paul Wise]

Control: retitle -1 libgnutls30: fails to validate when there is junk in the cert chain, including duplicated server certs

On Sun, 17 Jul 2022 09:40:09 +0800 Paul Wise wrote:

> I have seen this issue (duplicate server cert) on several other
> sites.

Seems this issue is broader than just duplicate server certs, I just
found a site that has a Thawte CA cert as its first cert in the cert
chain instead of the LE/ISRG CA certs. This site works just fine with
OpenSSL and NSS but not with GnuTLS.

$ gnutls-cli neo900.org < /dev/null
Processed 127 CA certificate(s).
Resolving 'neo900.org:443'...
Connecting to '207.154.223.212:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `CN=neo900.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x047b33482e681f3a1ac7d3c5ccfd88ec782a, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-06-28 06:54:18 UTC', expires `2022-09-26 06:54:17 UTC', pin-sha256="PwlhvXvPqmAlJKlxSnEAkmSmjkg4sAhebliU+AznV1k="
        Public Key ID:
                sha1:6613298f366b86c7f160c573fa2cd2a9207fe0bd
                sha256:3f0961bd7bcfaa602524a9714a71009264a68e4838b0085e6e5894f80ce75759
        Public Key PIN:
                pin-sha256:PwlhvXvPqmAlJKlxSnEAkmSmjkg4sAhebliU+AznV1k=

- Certificate[1] info:
 - subject `CN=Thawte TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US', issuer `CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US', serial 0x090ee8c5de5bfa62d2ae2ff7097c4857, RSA key 2048 bits, signed using RSA-SHA256, activated `2017-11-02 12:24:25 UTC', expires `2027-11-02 12:24:25 UTC', pin-sha256="42b9RNOnyb3tlC0KYtNPA3KKpJluskyU6aG+CipUmaM="
- Certificate[2] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[3] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20220717/46de2fcc/attachment.sig>