Bug 880188 - gnutls: will not accept X.509 version 1 root CAs by default
Summary: gnutls: will not accept X.509 version 1 root CAs by default
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: gnutls
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Nikos Mavrogiannopoulos
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-11-26 13:17 UTC by Florian Weimer
Modified: 2014-12-03 12:05 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-12-03 12:05:57 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Florian Weimer 2012-11-26 13:17:17 UTC
Description of problem:

GNUTLS cannot establish a secure connection to www.google.com because the root CA is not recognized.

Version-Release number of selected component (if applicable):

gnutls-2.8.5-4.el6_2.2.x86_64

How reproducible:

Always for me, but that depends on the www.google.com behavior.

Steps to Reproduce:
1. gnutls-cli --x509cafile /etc/pki/tls/certs/ca-bundle.crt  www.google.com

(www.redhat.com fails to verify, too.  This is probably related.)
  
Actual results:

- The hostname in the certificate matches 'www.google.com'.
- Peer's certificate issuer is not a CA
- Peer's certificate is NOT trusted
- Version: TLS1.1
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: SHA1
- Compression: NULL
*** Verifying server certificate failed...


Expected results:

- The hostname in the certificate matches 'www.google.com'.
- Peer's certificate is trusted
- Version: TLS1.2
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: SHA1
- Compression: NULL
- Handshake was completed

Additional info:

The server sends these certificates:

  - subject `C=US,ST=California,L=Mountain View,O=Google Inc,CN=www.google.com', issuer `C=ZA,O=Thawte Consulting (Pty) Ltd.,CN=Thawte SGC CA', RSA key 1024 bits, signed using RSA-SHA, activated `2011-10-26 00:00:00 UTC', expires `2013-09-30 23:59:59 UTC', SHA-1 fingerprint `c1956dc8a7dfb2a5a56934da09778e3a11023358'

-----BEGIN CERTIFICATE-----
MIIDITCCAoqgAwIBAgIQT52W2WawmStUwpV8tBV9TTANBgkqhkiG9w0BAQUFADBM
MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x
MzA5MzAyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw
FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEA3rcmQ6aZhc04pxUJuc8PycNVjIjujI0oJyRLKl6g2Bb6YRhLz21ggNM1QDJy
wI8S2OVOj7my9tkVXlqGMaO6hqpryNlxjMzNJxMenUJdOPanrO/6YvMYgdQkRn8B
d3zGKokUmbuYOR2oGfs5AER9G5RqeC1prcB6LPrQ2iASmNMCAwEAAaOB5zCB5DAM
BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl
LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF
BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw
Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0
ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF
AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp
ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le
IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q==
-----END CERTIFICATE-----

 - Certificate[1] info:
  - subject `C=ZA,O=Thawte Consulting (Pty) Ltd.,CN=Thawte SGC CA', issuer `C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority', RSA key 1024 bits, signed using RSA-SHA, activated `2004-05-13 00:00:00 UTC', expires `2014-05-12 23:59:59 UTC', SHA-1 fingerprint `ec071003d8f5a37f42c4557f656aae8665fa4b02'

-----BEGIN CERTIFICATE-----
MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi
bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw
MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh
d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD
QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx
PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g
5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo
3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG
A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX
BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov
L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF
BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB
BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc
q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR
bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv
-----END CERTIFICATE-----

The CA certificate is:

X.509 Certificate Information:
        Version: 1
        Serial Number (hex): 70bae41d10d92934b638ca7b03ccbabf
        Issuer: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
        Validity:
                Not Before: Mon Jan 29 00:00:00 UTC 1996
                Not After: Tue Aug 01 23:59:59 UTC 2028
        Subject: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
        Subject Public Key Algorithm: RSA
                Modulus (bits 1024):
                        c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40:db:e3
                        57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9:11:cf:ee
                        02:58:1f:25:f7:2a:a8:44:05:aa:ec:03:1f:78:7f:9e
                        93:b9:9a:00:aa:23:7d:d6:ac:85:a2:63:45:c7:72:27
                        cc:f4:4c:c6:75:71:d2:39:ef:4f:42:f0:75:df:0a:90
                        c6:8e:20:6f:98:0f:f8:ac:23:5f:70:29:36:a4:c9:86
                        e7:b1:9a:20:cb:53:a5:85:e7:3d:be:7d:9a:fe:24:45
                        33:dc:76:15:ed:0f:a2:71:64:4c:65:2e:81:68:45:a7
                Exponent (bits 24):
                        01:00:01
        Signature Algorithm: RSA-MD2
warning: signed using a broken signature algorithm that can be forged.
        Signature:
                bb:4c:12:2b:cf:2c:26:00:4f:14:13:dd:a6:fb:fc:0a
                11:84:8c:f3:28:1c:67:92:2f:7c:b6:c5:fa:df:f0:e8
                95:bc:1d:8f:6c:2c:a8:51:cc:73:d8:a4:c0:53:f0:4e
                d6:26:c0:76:01:57:81:92:5e:21:f1:d1:b1:ff:e7:d0
                21:58:cd:69:17:e3:44:1c:9c:19:44:39:89:5c:dc:9c
                00:0f:56:8d:02:99:ed:a2:90:45:4c:e4:bb:10:a4:3d
                f0:32:03:0e:f1:ce:f8:e8:c9:51:8c:e6:62:9f:e6:9f
                c0:7d:b7:72:9c:c9:36:3a:6b:9f:4e:a8:ff:64:0d:64
Other Information:
        MD5 fingerprint:
                10fc635df6263e0df325be5f79cd6767
        SHA-1 fingerprint:
                742c3192e607e424eb4549542be1bbc53e6174e2
        Public Key Id:
                2004b5897dae6245dbb3e20c4444d0afdcaa4f58

-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
-----END CERTIFICATE-----

I'm not sure if the MD2 algorithm is the culprit, or the Version 1 certificate.  In any case, I think this should work out of the box.

Comment 2 RHEL Program Management 2012-12-14 08:02:08 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 3 Nikos Mavrogiannopoulos 2014-12-03 11:51:26 UTC
I cannot verify it, as it is no longer present with www.google.com. It now uses that CA:

X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 12bbe6
	Issuer: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
	Validity:
		Not Before: Tue May 21 04:00:00 UTC 2002
		Not After: Tue Aug 21 04:00:00 UTC 2018
	Subject: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
	Subject Public Key Algorithm: RSA
		Modulus (bits 2048):
			da:cc:18:63:30:fd:f4:17:23:1a:56:7e:5b:df:3c:6c
			38:e4:71:b7:78:91:d4:bc:a1:d8:4c:f8:a8:43:b6:03
			e9:4d:21:07:08:88:da:58:2f:66:39:29:bd:05:78:8b
			9d:38:e8:05:b7:6a:7e:71:a4:e6:c4:60:a6:b0:ef:80
			e4:89:28:0f:9e:25:d6:ed:83:f3:ad:a6:91:c7:98:c9
			42:18:35:14:9d:ad:98:46:92:2e:4f:ca:f1:87:43:c1
			16:95:57:2d:50:ef:89:2d:80:7a:57:ad:f2:ee:5f:6b
			d2:00:8d:b9:14:f8:14:15:35:d9:c0:46:a3:7b:72:c8
			91:bf:c9:55:2b:cd:d0:97:3e:9c:26:64:cc:df:ce:83
			19:71:ca:4e:e6:d4:d5:7b:a9:19:cd:55:de:c8:ec:d2
			5e:38:53:e5:5c:4f:8c:2d:fe:50:23:36:fc:66:e6:cb
			8e:a4:39:19:00:b7:95:02:39:91:0b:0e:fe:38:2e:d1
			1d:05:9a:f6:4d:3e:6f:0f:07:1d:af:2c:1e:8f:60:39
			e2:fa:36:53:13:39:d4:5e:26:2b:db:3d:a8:14:bd:32
			eb:18:03:28:52:04:71:e5:ab:33:3d:e1:38:bb:07:36
			84:62:9c:79:ea:16:30:f4:5f:c0:2b:e8:71:6b:e4:f9
		Exponent (bits 24):
			01:00:01
	Extensions:
		Authority Key Identifier (not critical):
			48e668f92bd2b295d747d82320104f3398909fd4
		Subject Key Identifier (not critical):
			c07a98688d89fbab05640c117daa7d65b8cacc4e
		Basic Constraints (critical):
			Certificate Authority (CA): TRUE
		Key Usage (critical):
			Certificate signing.
			CRL signing.
		CRL Distribution points (not critical):
			URI: http://crl.geotrust.com/crls/secureca.crl
		Unknown extension 2.5.29.32 (not critical):
			ASCII: 0E0C..U. .0;09..+........-https://www.geotrust.com/resources/repository
			Hexdump: 304530430604551d2000303b303906082b06010505070201162d68747470733a2f2f7777772e67656f74727573742e636f6d2f7265736f75726365732f7265706f7369746f7279
	Signature Algorithm: RSA-SHA
	Signature:
		76:e1:12:6e:4e:4b:16:12:86:30:06:b2:81:08:cf:f0
		08:c7:c7:71:7e:66:ee:c2:ed:d4:3b:1f:ff:f0:f0:c8
		4e:d6:43:38:b0:b9:30:7d:18:d0:55:83:a2:6a:cb:36
		11:9c:e8:48:66:a3:6d:7f:b8:13:d4:47:fe:8b:5a:5c
		73:fc:ae:d9:1b:32:19:38:ab:97:34:14:aa:96:d2:eb
		a3:1c:14:08:49:b6:bb:e5:91:ef:83:36:eb:1d:56:6f
		ca:da:bc:73:63:90:e4:7f:7b:3e:22:cb:3d:07:ed:5f
		38:74:9c:e3:03:50:4e:a1:af:98:ee:61:f2:84:3f:12
Other Information:
	MD5 fingerprint:
		2e7db2a31d0e3da4b25f49b9542a2e1a
	SHA-1 fingerprint:
		7359755c6df9a0abc3060bce369564c8ec4542a3
	Public Key Id:
		6c83cc7e6744257b549c530fbd4d0478e1ffa23f

-----BEGIN CERTIFICATE-----
MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
-----END CERTIFICATE-----

Comment 4 Nikos Mavrogiannopoulos 2014-12-03 11:58:53 UTC
However, the problem persists with www.redhat.com.

The issue seems to be:
* Version 2.7.6 (released 2009-02-27)
** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 and %VERIFY_ALLOW_X509_V1_CA_CRT.
They can be used to override the default certificate chain validation
behaviour.

which was undid in:
* Version 2.10.5 (released 2011-02-28)
** libgnutls: Reverted default behavior for verification and
introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
V1 trusted CAs are allowed, unless the new flag is specified.


Thus one to be able to connect to such sites in RHEL 6.x, must use:
$ gnutls-cli --x509cafile /etc/pki/tls/certs/ca-bundle.crt  www.redhat.com --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT

Comment 5 Nikos Mavrogiannopoulos 2014-12-03 12:01:49 UTC
Unless there is more information about that being a bug rather than the documented behaviour I'm inclined to close that as not a bug.

Comment 6 Florian Weimer 2014-12-03 12:05:57 UTC
(In reply to Nikos Mavrogiannopoulos from comment #5)
> Unless there is more information about that being a bug rather than the
> documented behaviour I'm inclined to close that as not a bug.

Agreed, considering that no one else seems to have encountered this problem.


Note You need to log in before you can comment on or make changes to this bug.