Gnu TLS needs to be more tolerant of mistakes in certificate chain order
From: Stephen Baynes
Subject: Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
Date: Fri, 14 Sep 2012 11:00:59 +0100
Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
For example:
$ gnutls-cli www.thawte.com
Resolving 'www.thawte.com'...
Connecting to '69.58.181.130:443'...
- Ephemeral Diffie-Hellman parameters
 - Using prime: 1024 bits
 - Secret key: 1020 bits
 - Peer's public key: 1024 bits
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `jurisdictionOfIncorporationCountryName=US,jurisdictionOfIncorporationStateOrProvinceName=Delaware,businessCategory=Private Organization,O=Thawte\, Inc.,serialNumber=3898261,C=US,ST=California,L=Mountain View ,OU=Infrastructure Operations,CN=WWW.THAWTE.COM', issuer `C=US,O=thawte\, Inc.,OU=Terms of use at https://www.thawte.com/cps (c)06,CN=thawte Extended Validation SSL CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2011-11-03 00:00:00 UTC', expires `2013-10-30 23:59:59 UTC', SHA-1 fingerprint `571294b7a761e6142b9116d09adab6e5728d7af7'
- Certificate[1] info:
 - subject `C=US,O=thawte\, Inc.,OU=Certification Services Division,OU=(c) 2006 thawte\, Inc. - For authorized use only,CN=thawte Primary Root CA', issuer `C=ZA,ST=Western Cape,L=Cape Town,O=Thawte Consulting cc,OU=Certification Services Division,CN=Thawte Premium Server CA,EMAIL=address@hidden', RSA key 2048 bits, signed using RSA-SHA1, activated `2006-11-17 00:00:00 UTC', expires `2020-12-30 23:59:59 UTC', SHA-1 fingerprint `5335e96a28512832eccfa6ed7d24362317d994db'
- Certificate[2] info:
 - subject `C=US,O=thawte\, Inc.,OU=Terms of use at https://www.thawte.com/cps (c)06,CN=thawte Extended Validation SSL CA', issuer `C=US,O=thawte\, Inc.,OU=Certification Services Division,OU=(c) 2006 thawte\, Inc. - For authorized use only,CN=thawte Primary Root CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2006-11-17 00:00:00 UTC', expires `2016-11-16 23:59:59 UTC', SHA-1 fingerprint `3dd6c26a33b179e76eed2cd360aa75a5c1b76a56'
- The hostname in the certificate matches 'www.thawte.com'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
I agree that, to be strictly correct, [1] and [2] need to be swapped round.
Yet https://www.thawte.com works in all the main browsers and with wget and curl. So GnuTLS is the one that does not follow de facto standards, even if it is the one that follows the formal standards.
Also if a certificate savvy company like Thawte can't get it right, who can be expected to? [I will approach Thawte and see if they will correct theirs. But it seems that it has been wrong for at least a couple of months, so it is unlikely that many are finding it a problem.]
That is over 2% of the original sample, small but hardly insignificant.
The one good thing is that in all cases the first entry in the chain was the correct one, which makes it much easier to know where to start.
Using gnutls-cli (GnuTLS) 2.12.14, packaged by Debian (2.12.14-5ubuntu3.1). Also used in testing an application built with GnuTLS 3.0.18. I have read the release news for later versions of GnuTLS and cannot see any related changes.
-- Stephen Baynes CEng MBCS CITP
Senior Software Developer
address@hidden
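The reordering a tolerant verifier has to do is mechanical: start from the end-entity certificate and repeatedly look for the certificate whose subject matches the current issuer, stopping at a self-signed certificate, at an issuer that was not sent (the trust store must supply it), or when a certificate would be revisited. TLS 1.3 (RFC 8446, section 4.4.2) now says implementations SHOULD accept arbitrary orderings and extraneous certificates, with only the end-entity certificate required to be first. The following is an added example, not GnuTLS code or the author's; it models certificates only by subject and issuer names (abbreviated to the CN of each certificate from the gnutls-cli output above, a constructed simplification), and the trust store passed to `reaches_anchor` is likewise constructed. A real implementation would compare DER-encoded Names or Subject/Authority Key Identifiers and then verify each signature; this example shows the ordering logic only.

```python
"""
Reordering a certificate chain that a server sent out of order.

Added example; it is not GnuTLS code. Certificates are modelled only by their
subject and issuer names (abbreviated to the CN from the gnutls-cli output in
the post); a real implementation would compare DER-encoded Names, or better the
Authority/Subject Key Identifier extensions, and then verify each signature.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


# The three certificates in the order www.thawte.com sent them (CNs from the post).
LEAF = Cert("CN=WWW.THAWTE.COM", "CN=thawte Extended Validation SSL CA")
PRIMARY_ROOT = Cert("CN=thawte Primary Root CA", "CN=Thawte Premium Server CA")
EV_CA = Cert("CN=thawte Extended Validation SSL CA", "CN=thawte Primary Root CA")
AS_SENT = [LEAF, PRIMARY_ROOT, EV_CA]


def find_leaf(certs):
    """Pick the end-entity certificate: one that issues nothing else in the list.

    The first certificate is preferred because TLS requires it to be the
    end-entity certificate even when the rest of the list is unordered.
    """
    issuers = {c.issuer for c in certs}
    leaves = [c for c in certs if c.subject not in issuers]
    if certs[0] in leaves or not leaves:
        return certs[0]
    return leaves[0]


def order_chain(certs):
    """Walk issuer -> subject from the leaf and return (ordered, extraneous).

    Stops at a self-signed certificate, when the next issuer was not supplied
    (the verifier must then find it in its trust store), or when a certificate
    already placed would be revisited (e.g. a cross-signed pair), so a
    malformed list cannot make this loop forever. Duplicates collapse because
    Cert is hashable.
    """
    by_subject = {}
    for c in certs:
        by_subject.setdefault(c.subject, []).append(c)
    current = find_leaf(certs)
    ordered, placed = [current], {current}
    while not current.self_signed:
        nxt = [c for c in by_subject.get(current.issuer, []) if c not in placed]
        if not nxt:
            break
        current = nxt[0]
        ordered.append(current)
        placed.add(current)
    extraneous = [c for c in certs if c not in placed]
    return ordered, extraneous


def reaches_anchor(ordered, trusted_subjects):
    """True if the ordered chain contains, or is issued by, a trust anchor.

    trusted_subjects stands in for the verifier's trust store (constructed).
    """
    if any(c.subject in trusted_subjects for c in ordered):
        return True
    return ordered[-1].issuer in trusted_subjects


if __name__ == "__main__":
    ordered, extra = order_chain(AS_SENT)
    for c in ordered:
        print(f"{c.subject}  <-  {c.issuer}")
    print("extraneous:", [c.subject for c in extra])
    print("anchored:", reaches_anchor(ordered, {"CN=thawte Primary Root CA"}))
```

Run as sent, the chain comes out as leaf, EV CA, Primary Root CA, which is the order the post says Thawte should have used; the walk then stops because the Primary Root CA's own issuer (Thawte Premium Server CA) was not sent, and whether the connection is trusted depends on the Primary Root CA (or its issuer) being in the trust store, exactly the decision GnuTLS was making on an unordered list and getting wrong.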