[gnutls-devel] gnutls-cli --dane

James Cloos cloos at jhcloos.com
Fri Apr 18 21:19:39 CEST 2014

The report when using --dane is at best misleading during certificate

During a rollover, when two tlsa records are in play, gnutls-cli gives
results like this:

  - DANE: Verification failed. The certificate differs. 
  - Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
  - Simple Client Mode:

That it gets to SCM shows that it was happy with one of the TLSAs, but
it only mentions that it was unhappy with the other TLSA.

When a single TLSA is in play, the report is like:

- DANE: Certificate matches. 
  - Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-128-GCM)
  - Simple Client Mode:

DANE says that verification succeeds if any of the TLSA records match.
That language was chosen expressly to permit secure rollovers.

Gnutls gets that partly right, in that it allows the socket to
continue.  It also accurately should report the verification facts.

Maybe something akin to this language:

  - DANE: (1 of 2) Certificate(s) match.

The command lines I used for the above excerpts are:
(the first is in the midst of a rollover):

  gnutls-cli --no-ca-verification --dane keys.jhcloos.com
  gnutls-cli --no-ca-verification --dane jhcloos.com

(I'm happy that the worst of it is that the verbiage can be misleading.)

James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6

More information about the Gnutls-devel mailing list