gnutls-devel

Re: [Bug 446392] New: SSL error: Key usage violation


From: Simon Josefsson
Subject: Re: [Bug 446392] New: SSL error: Key usage violation
Date: Wed, 14 May 2008 17:19:10 +0200
User-agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux)

Joe Orton <address@hidden> writes:

> I'm about to go on holiday so won't be able to look into this myself for 
> a week or so; Fedora 9 ships with GnuTLS 2.0.4, but I can reproduce this 
> with the slightly stale git checkout I had lying around, so I'd suspect 
> this is a GnuTLS cert validation bug?
>
> $ ./bin/gnutls-cli svn.eionet.europa.eu
> Resolving 'svn.eionet.europa.eu'...
> Connecting to '217.74.209.183:443'...
> *** Fatal error: Key usage violation in certificate has been detected.
> *** Handshake has failed

Hi.  Thanks for the report.  Without further information, I believe that
is the correct behavior.

address@hidden:~/src/gnutls$ gnutls-cli -d 4711 svn.eionet.europa.eu 2>&1 | grep 'Selected cipher'
|<3>| HSK[8074078]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1
address@hidden:~/src/gnutls$ 

RFC 2246 and 4346:

      DHE_RSA                 RSA public key that can be used for
                              signing.
...
   All certificate profiles and key and cryptographic formats are
   defined by the IETF PKIX working group [PKIX].  When a key usage
   extension is present, the digitalSignature bit MUST be set for the
   key to be eligible for signing, as described above, and the
   keyEncipherment bit MUST be present to allow encryption, as described
   above.  The keyAgreement bit must be set on Diffie-Hellman
   certificates.

address@hidden:~/src/gnutls$ certtool -i < cert.pem |grep 'Key Usage' -A 2
                Key Usage (not critical):
                        Key encipherment.
                Subject Key Identifier (not critical):
address@hidden:~/src/gnutls$ 

In other words, the certificate must have the digitalSignature bit
enabled to be usable as a TLS server certificate for this ciphersuite.

/Simon
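
The rule discussed in the message above, as an added example that is not part of the original e-mail or of GnuTLS: it decodes a KeyUsage extension value (a DER BIT STRING) and checks it against the bit that the quoted RFC 2246/4346 text requires for a given key exchange. The function names and the sample byte strings are constructed for illustration; they are not taken from the server's certificate.

```python
# Added example; all names and sample bytes are constructed for illustration.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

# Key exchange -> KeyUsage bit required by the RFC 2246/4346 text quoted above.
REQUIRED_BIT = {
    "RSA": "keyEncipherment",
    "DHE_RSA": "digitalSignature",
    "DHE_DSS": "digitalSignature",
    "DH_RSA": "keyAgreement",
    "DH_DSS": "keyAgreement",
}

def decode_key_usage(der):
    """Decode a KeyUsage value (DER BIT STRING, short-form length) to bit names."""
    if len(der) < 3 or der[0] != 0x03 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("bad unused-bits count")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 is the most significant bit of the first content octet.
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def cert_allowed_for(kx, key_usage_der):
    """True if a certificate with this KeyUsage may serve key exchange kx."""
    if key_usage_der is None:  # extension absent: the rule places no restriction
        return True
    return REQUIRED_BIT[kx] in decode_key_usage(key_usage_der)

# Constructed sample values.
KU_ENCIPHER_ONLY = bytes.fromhex("03020520")      # keyEncipherment only
KU_SIGN_AND_ENCIPHER = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment

if __name__ == "__main__":
    for kx in ("RSA", "DHE_RSA"):
        print(kx, cert_allowed_for(kx, KU_ENCIPHER_ONLY))
```

A certificate whose only usage is key encipherment passes for plain RSA key exchange and fails for DHE_RSA, which matches the handshake failure reported in the thread.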



