Bug 497983 (CVE-2009-1417) - CVE-2009-1417 gnutls: certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3]
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2009-1417
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 504791
Blocks:
Reported: 2009-04-28 08:59 UTC by Tomas Hoger
Modified: 2021-11-12 19:57 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-11 08:14:57 UTC
Embargoed:


Attachments
Upstream patch (2.85 KB, patch) - 2009-04-28 09:01 UTC, Tomas Hoger

Description Tomas Hoger 2009-04-28 08:59:13 UTC
GnuTLS upstream reports:

  Romain Francoise reported that gnutls-cli does not check the
  activation and expiration dates of X.509 certificates.  This is
  assumed to apply to all versions of gnutls-cli.

Further upstream investigation of the problem showed that other applications using the GnuTLS library may be affected by a similar problem, as GnuTLS' gnutls_certificate_verify_peers* functions do not check activation / expiration times on certificates.  Such a check was expected to be done by the applications using the GnuTLS library.

This decision has now been reconsidered upstream, and activation / expiration time checks are being added to _gnutls_x509_verify_certificate in the GnuTLS library, instead of only being added to gnutls-cli.  Applications not wanting this time verification should explicitly disable it by using the newly introduced GNUTLS_VERIFY_DISABLE_TIME_CHECKS verification flag.  While this code introduces a change which is not backwards compatible, upstream believes this should not negatively impact existing code.

Comment 1 Tomas Hoger 2009-04-28 09:01:26 UTC
Created attachment 341539 [details]
Upstream patch

Comment 2 Tomas Hoger 2009-04-28 09:06:01 UTC
For testing purposes, upstream has set up a few testing URLs with expired certificates:

https://expired.demo.gnutls.org/
- Expired server certificate

https://expired-subca.demo.gnutls.org/
- Expired intermediate certificate; the server returns the intermediate CA

https://expired-subca2.demo.gnutls.org/
- Expired intermediate certificate; the server does not return the intermediate CA

Can be tested using: gnutls-cli expired.demo.gnutls.org
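The description above notes that applications calling gnutls_certificate_verify_peers* were expected to check activation / expiration times themselves, and Comment 2 lists three scenarios (expired leaf, expired intermediate returned by the server, expired intermediate not returned). The following Python is an added example, not code from this bug report or from the GnuTLS project, showing what such an application-side check looks like when run over the whole presented chain rather than only the server certificate. It uses only the standard library; the certificate dictionaries are constructed samples in the shape of ssl.SSLSocket.getpeercert() output, and the host and CA names are illustrative placeholders, not the upstream test hosts.

```python
import ssl
import time

# Constructed sample chains (NOT real certificates), in the dictionary shape that
# ssl.SSLSocket.getpeercert() returns. Only the fields this check needs are
# present. Host and CA names are illustrative placeholders (assumption); the
# failing scenarios mirror the test cases listed in the bug report.
VALID_CHAIN = [
    {"subject": ((("commonName", "demo.example"),),),
     "notBefore": "Jan 01 00:00:00 2009 GMT", "notAfter": "Jan 01 00:00:00 2010 GMT"},
    {"subject": ((("commonName", "Example Intermediate CA"),),),
     "notBefore": "Jan 01 00:00:00 2005 GMT", "notAfter": "Jan 01 00:00:00 2015 GMT"},
]

# Leaf certificate whose validity period ended before the check time.
EXPIRED_LEAF_CHAIN = [
    {"subject": ((("commonName", "expired.demo.example"),),),
     "notBefore": "Jan 01 00:00:00 2008 GMT", "notAfter": "Jan 01 00:00:00 2009 GMT"},
    VALID_CHAIN[1],
]

# Leaf certificate whose validity period has not started yet.
NOT_YET_VALID_CHAIN = [
    {"subject": ((("commonName", "future.demo.example"),),),
     "notBefore": "Jan 01 00:00:00 2010 GMT", "notAfter": "Jan 01 00:00:00 2011 GMT"},
    VALID_CHAIN[1],
]

# Valid leaf issued under an intermediate CA that has itself expired: a check
# that only looks at the server certificate misses this case.
EXPIRED_INTERMEDIATE_CHAIN = [
    VALID_CHAIN[0],
    {"subject": ((("commonName", "Old Intermediate CA"),),),
     "notBefore": "Jan 01 00:00:00 1999 GMT", "notAfter": "Jan 01 00:00:00 2009 GMT"},
]

# Fixed clock so results are reproducible: the date the bug was reported.
REPORT_TIME = ssl.cert_time_to_seconds("Apr 28 08:59:13 2009 GMT")


def common_name(cert):
    """Extract the subject commonName from a getpeercert()-style dict."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no commonName>"


def validity_status(cert, now):
    """Classify one certificate as 'valid', 'not_yet_valid' or 'expired' at `now`.

    ssl.cert_time_to_seconds parses the "%b %d %H:%M:%S %Y GMT" strings that
    getpeercert() returns into UTC epoch seconds, so no hand-rolled parsing.
    """
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        return "not_yet_valid"
    if now > not_after:
        return "expired"
    return "valid"


def check_chain_validity(chain, now=None):
    """Run the time check over EVERY certificate in the chain, not just the leaf.

    Returns a list of (commonName, status) pairs for the certificates that fail;
    an empty list means the whole chain is within its validity period.
    """
    if now is None:
        now = time.time()
    problems = []
    for cert in chain:
        status = validity_status(cert, now)
        if status != "valid":
            problems.append((common_name(cert), status))
    return problems


if __name__ == "__main__":
    cases = [("valid", VALID_CHAIN), ("expired leaf", EXPIRED_LEAF_CHAIN),
             ("not yet valid leaf", NOT_YET_VALID_CHAIN),
             ("expired intermediate", EXPIRED_INTERMEDIATE_CHAIN)]
    for name, chain in cases:
        print(f"{name}: {check_chain_validity(chain, REPORT_TIME) or 'OK'}")
```

Two points the example is meant to make: the check has to cover every certificate in the path, because an expired intermediate invalidates an otherwise current server certificate, and the chain it runs over must be the completed path. In the third upstream scenario the server omits the intermediate, so the client has to supply it from its own store before any time check can reach it; if the path cannot be built at all, verification fails earlier, for a different reason.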

Comment 5 Tomas Hoger 2009-04-30 09:28:49 UTC
GnuTLS is shipped in Red Hat Enterprise Linux 4 and 5.  Applications using GnuTLS' certificate verification (libsoup, libvirt, gtk-vnc) already perform activation / expiration date checks.  The gnutls-cli command line tool is affected by this problem.

The impact of this flaw is limited (besides having an expired certificate, an attacker would need to have the associated private key as well and trick the user into connecting to a spoofed SSL/TLS server), and the fix introduces a backwards-incompatible change.  Future updates of gnutls packages in Red Hat Enterprise Linux 4 and 5 may include this change.

Comment 6 Tomas Hoger 2009-04-30 12:36:08 UTC
Public now via upstream security advisory:
  http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517

Fix included in upstream version 2.6.6:
  http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514

Comment 8 Joe Orton 2009-04-30 13:17:21 UTC
gnutls-cli is documented as a "test program" so I'd struggle to call this a security issue there.

Comment 9 Vincent Danen 2009-05-01 16:54:31 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1417 to
the following vulnerability:

Name: CVE-2009-1417
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417
Assigned: 20090424
Reference: MLIST:[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]
Reference: URL: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
Reference: SECUNIA:34842
Reference: URL: http://secunia.com/advisories/34842

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and
expiration times of X.509 certificates, which allows remote attackers
to successfully present a certificate that is (1) not yet valid or (2)
no longer valid, related to lack of time checks in the
_gnutls_x509_verify_certificate function in lib/x509/verify.c in
libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

Comment 10 Tomas Hoger 2009-08-11 08:14:57 UTC
This was further discussed internally and it was decided not to backport this change to Red Hat Enterprise Linux 4 and 5.  This fix changes documented behaviour, possibly creating a regression for applications that performed all required checks previously (they will no longer report expired / not yet active certificates correctly, but rather use a generic SSL verification error).  Given the low impact of the flaw and the API-breaking nature of the fix, we do not plan to fix this flaw in already released product versions.  Future versions containing newer upstream GnuTLS versions will include this fix.

