Description of problem: running the command "openssl s_client -connect twitter.com:443" will in produce an "Verify return code: 0 (ok)" while the twitter certificate is untrusted. Providing the option -CAfile together with an empty file will still show no error. Copying the intermediate (twitter) certificate to a file named "twitter" and running "openssl verify twitter" will display the error "error 20 at 0 depth lookup:unable to get local issuer certificate" Version-Release number of selected component (if applicable): OpenSSL: OpenSSL 1.0.0j-fips 10 May 2012 OS: Fedora release 17 (Beefy Miracle) How reproducible: run "openssl s_client -connect twitter.com:443" Steps to Reproduce: 1. 2. 3. Actual results: openssl s_client -connect twitter.com:443 CONNECTED(00000003) depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)06, CN = VeriSign Class 3 Extended Validation SSL CA verify return:1 depth=0 1.3.6.1.4.1.311.60.2.1.3 = US, 1.3.6.1.4.1.311.60.2.1.2 = Delaware, businessCategory = Private Organization, serialNumber = 4337446, C = US, postalCode = 94107, ST = California, L = San Francisco, street = "795 Folsom St, Suite 600", O = "Twitter, Inc.", OU = Twitter Security, CN = twitter.com verify return:1 --- Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=4337446/C=US/postalCode=94107/ST=California/L=San Francisco/street=795 Folsom St, Suite 600/O=Twitter, Inc./OU=Twitter Security/CN=twitter.com i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 --- Server certificate -----BEGIN CERTIFICATE----- MIIGfDCCBWSgAwIBAgIQHiLHN6ORXj+rZcS1pByuRjANBgkqhkiG9w0BAQUFADCB ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x MjA0MTAwMDAwMDBaFw0xNDA1MTAyMzU5NTlaMIIBFzETMBEGCysGAQQBgjc8AgED EwJVUzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0 ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzQzMzc0NDYxCzAJBgNVBAYTAlVTMQ4w DAYDVQQRFAU5NDEwNzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxQNU2Fu IEZyYW5jaXNjbzEhMB8GA1UECRQYNzk1IEZvbHNvbSBTdCwgU3VpdGUgNjAwMRYw FAYDVQQKFA1Ud2l0dGVyLCBJbmMuMRkwFwYDVQQLFBBUd2l0dGVyIFNlY3VyaXR5 MRQwEgYDVQQDFAt0d2l0dGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAL7pd7TChZF0U21aCfxUIzdUHm4siWxcQ678xRerDI2hXmThiUyVKnHS CeSB+gDBXG4qoRHSEcwq7J1YhFscsKz6o4ktsWLqVowGSWNbW92ZbtjOGkTD3xdp O8Fqfgcs5Lq1yK517nrbtEp6OXEWcoWv15voP4wV7Z9HjCP6v5N1MmrPN187wDMH W1meJqxQ/7LiULgVQMVV/U6qLOhUeNpl/06CqxScU1bfnbep5SohUG+z6d8CUaPX 55EhGtAPzXNJAHDSkiNgSKkPr1USJ9YiXusqmjcPChRfkT77kROjWnxgV+oucF+T ja+Ist8acKy2sgCidhUyuXCWG44bIf8CAwEAAaOCAhwwggIYMCcGA1UdEQQgMB6C D3d3dy50d2l0dGVyLmNvbYILdHdpdHRlci5jb20wCQYDVR0TBAIwADAdBgNVHQ4E FgQUtXiQRnmvbuddQEjER8bw4CjBMYQwCwYDVR0PBAQDAgWgMEIGA1UdHwQ7MDkw N6A1oDOGMWh0dHA6Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJl MjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAqMCgGCCsGAQUFBwIB FhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQGCCsGAQUF BwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBT8ilC6nrklWntVhU+VAGOP6VhrQzB8 BggrBgEFBQcBAQRwMG4wLQYIKwYBBQUHMAGGIWh0dHA6Ly9FVlNlY3VyZS1vY3Nw LnZlcmlzaWduLmNvbTA9BggrBgEFBQcwAoYxaHR0cDovL0VWU2VjdXJlLWFpYS52 ZXJpc2lnbi5jb20vRVZTZWN1cmUyMDA2LmNlcjBuBggrBgEFBQcBDARiMGChXqBc MFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsH iyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJ KoZIhvcNAQEFBQADggEBAAqg81oADEdE+/Clm4Q43avFTkpuHkpYbu0bDvSVhoMS n12b0CAtIgY7Sg+kI0/T0PaaDDxy6lEm8YAu/NLNvgXhIEYKxZQ7sUrKrfY+avdM PumYGkWeQ0xEf0ZLbGCfp9DA+cwxGgZaxT0HdhLhSZOvlw3F3vWezUuriUYacRL6 AW1EzC3uU2zj6T0z2v75Xa8u6AwY6YqAoMJCyR12bc7sGkRoD0ak27DdvP56qh5N 0tjHHMI1d6IJs0TAO26/SVI7YlQXEstKHk9iJzappwZ/0HZJsepX7jIxvlxyKKGb 8MQGjSCwx8bY2PbYaLe0rkk2IjH0aMUlHW77DpNAK40= -----END CERTIFICATE----- subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=4337446/C=US/postalCode=94107/ST=California/L=San Francisco/street=795 Folsom St, Suite 600/O=Twitter, Inc./OU=Twitter Security/CN=twitter.com issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA --- No client certificate CA names sent --- SSL handshake has read 3483 bytes and written 427 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 147E587AC45EA6BCB690D2B2AB6B42DF041BB8A851CF393564754E377ACA6AC8 Session-ID-ctx: Master-Key: 40B720FC8534298EB97FA1254D25FFBCC95480C4B1A98773697BDB9714ABA3F001C6640DB500FB59D58ECEDD41C69695 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 14400 (seconds) TLS session ticket: 0000 - af af 6b 03 32 8b fb 09-6d 71 d7 96 c1 77 33 0a ..k.2...mq...w3. 0010 - 81 25 4d 7b 34 b4 1f 16-3e ca a5 ea 1c 40 eb 44 .%M{4...>....@.D 0020 - 72 cd ea 9b c2 b5 07 60-cd 54 58 ac fb e5 61 df r......`.TX...a. 0030 - 13 aa bf 37 cc 65 e5 1e-3a 26 64 25 84 c1 42 1f ...7.e..:&d%..B. 0040 - b6 5f 44 f9 b0 52 cc 78-e5 13 c4 a9 1f fd 97 e9 ._D..R.x........ 0050 - 9d 27 1b a5 46 b4 5f c5-b7 7a 54 6b 6d 7e fa c9 .'..F._..zTkm~.. 0060 - 01 12 b6 41 13 cc 3b bd-0b e1 ee c9 aa a1 b9 e5 ...A..;......... 0070 - 41 5f 80 77 22 ff dc e3-51 cb 9c 08 c3 84 c0 39 A_.w"...Q......9 0080 - ed b5 a9 0a 38 84 bb 2b-d7 e6 a4 67 00 14 f2 b4 ....8..+...g.... 0090 - e9 1e d6 7b f1 2a b3 ec-1b 5a 89 9a 50 fd 37 5b ...{.*...Z..P.7[ Start Time: 1354718783 Timeout : 300 (sec) Verify return code: 0 (ok) --- closed Expected results: an error that the intermediate certificate is not trusted. Additional info: output of openssl verify on intermediate certificate: twitter: 1.3.6.1.4.1.311.60.2.1.3 = US, 1.3.6.1.4.1.311.60.2.1.2 = Delaware, businessCategory = Private Organization, serialNumber = 4337446, C = US, postalCode = 94107, ST = California, L = San Francisco, street = "795 Folsom St, Suite 600", O = "Twitter, Inc.", OU = Twitter Security, CN = twitter.com error 20 at 0 depth lookup:unable to get local issuer certificate
This is not a bug. The intermediate certificates are sent by the server and are verified by chain that ends on the primary certificate that is trusted. In the openssl verify call you provide just the server certificate and the intermediate certificates are missing.
I would like to chime in here. The reporter issues the command openssl s_client -connect twitter.com:443 *without* using -CAfile to indicate trusted root certs. So to which root certificate does Fedora's version of openssl chain up? Do you chain to a default root store shipped with Fedora? Because on an Ubuntu, the reporter is absolutely correct in stating that openssl returns: Verify return code: 20 (unable to get local issuer certificate) IMO this is the correct and expected behaviour as openssl has no clue how to complete the cert chain nor is it able to identify a root cert as trusted. The error code reflects exactly that. So, before we ultimately close this bug, can you please at least state if openssl on Fedora behaves differently than on Ubuntu in that it assumes a default root store shipped with the OS? Thanks!
I misunderstood the report, yes you're right that this is bug - if -CAfile or -CApath is explicitly specified, the default ca bundle should not be loaded.
OK. Thanks for the quick reply, much appreciated!
Fixed on Rawhide in openssl-1.0.1c-10.fc19.
This message is a reminder that Fedora 17 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 17. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '17'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 17's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 17 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 17's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.