[gnutls-devel] GnuTLS | SHA-1 root CA is rejected when %PROFILE_MEDIUM is set (#1202)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Apr 13 12:21:44 CEST 2021
Jacek created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1202
## Description of problem:
When a trusted root CA is self-signed using a SHA-1 algorithm (some roots that are still valid and issue certs do), certificate verification will always fail when `%PROFILE_MEDIUM` is specified.
Certificates included in the trust store should be trusted implicitly. SHA-1 vulnerabilities have no effect on the security of such certs.
Either trusted CAs should be excluded from MEDIUM profile checks, or a flag that could be chained with PROFILE_MEDIUM, similar to `%VERIFY_ALLOW_SIGN_WITH_SHA1` but for root/trusted CAs only, should be introduced.
Also see:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1875920
## Version of gnutls used:
RHEL 8/CentOS 8 - 3.6.14
Debian bullseye - 3.7.1
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL):
RHEL 8 / CentOS 8 / Debian bullseye (testing)
## How reproducible:
Always.
## Steps to Reproduce:
* `docker run -i -t --rm debian:bullseye`
* `apt update`
* `apt install ca-certificates gnutls-bin`
* `gnutls-cli --priority='PFS:%PROFILE_MEDIUM' --starttls-proto smtp --port 25 smtp.yandex.ru -d 2`
## Actual results:
(Notice that all certificates sent by the server are `signed using RSA-SHA256`)
```
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `CN=smtp.yandex.ru,O=Yandex LLC,OU=ITO,L=Moscow,C=RU', issuer `CN=Yandex CA,OU=Yandex Certification Authority,O=Yandex LLC,C=RU', serial 0x1091dc2c81285a6ac43099d9807911f2, RSA key 2048 bits, signed using RSA-SHA256, activated `2021-03-10 13:11:13 UTC', expires `2021-09-08 13:11:13 UTC', pin-sha256="A11cXe/nKnLc57yB8f0qD6x5CXarK4dzIStUDKIA9K8="
Public Key ID:
sha1:cf865545c989534f54118f6b8498495d424f79fb
sha256:035d5c5defe72a72dce7bc81f1fd2a0fac790976ab2b8773212b540ca200f4af
Public Key PIN:
pin-sha256:A11cXe/nKnLc57yB8f0qD6x5CXarK4dzIStUDKIA9K8=
- Certificate[1] info:
- subject `CN=Yandex CA,OU=Yandex Certification Authority,O=Yandex LLC,C=RU', issuer `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', serial 0x00e40547830e0c6452976f7a3549c0dd48, RSA key 2048 bits, signed using RSA-SHA256, activated `2015-01-21 12:00:00 UTC', expires `2025-01-18 12:00:00 UTC', pin-sha256="LNFe+yc4/NZbJVynpxAeAd+brU3EPwGbtwF6VeUjI/Y="
- Certificate[2] info:
- subject `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', issuer `CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL', serial 0x00939285400165715f947f288fefc99b28, RSA key 2048 bits, signed using RSA-SHA256, activated `2008-10-22 12:07:37 UTC', expires `2027-06-10 10:46:39 UTC', pin-sha256="qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU="
|<2>| issuer in verification was not found or insecure; trying against trust list
|<2>| GNUTLS_SEC_PARAM_MEDIUM: certificate's signature hash strength is unacceptable (is 80 bits, needed 112)
- Status: The certificate is NOT trusted. The certificate chain uses insecure algorithm.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
```
## Expected results:
```
- Status: The certificate is trusted.
- Description: (...)
- Session ID: (...)
- Options:
- Handshake was completed
- Simple Client Mode:
```
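As an added illustration (not code from the issue or from GnuTLS), the following Python walks the outer DER structure of each certificate in a chain, reads the signatureAlgorithm OID, and flags any signature hash below the 112-bit floor that `%PROFILE_MEDIUM` enforces, applying it to the trust anchor too because that is the behaviour reported above. Fed real DER files (the server's chain plus the root from the trust store) it points at the certificate that trips the check; the chain used here is constructed inline, with a SHA-1 self-signed stand-in for the Certum CA root, so it runs offline.

```python
# Signature OID -> (name, hash strength in bits as GnuTLS counts it: SHA-1 = 80)
SIG_OIDS = {
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", 80),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", 128),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", 128),
}

def _tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _decode_oid(raw):
    parts, value = [raw[0] // 40, raw[0] % 40], 0   # first octet packs two arcs
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # last octet of this arc
            parts.append(value)
            value = 0
    return ".".join(map(str, parts))

def signature_algorithm(der):
    """Dotted OID of the outer signatureAlgorithm of a DER certificate."""
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, _, tbs_end = _tlv(der, pos)          # tbsCertificate, skipped whole
    _, pos, _ = _tlv(der, tbs_end)          # signatureAlgorithm AlgorithmIdentifier
    _, start, stop = _tlv(der, pos)         # algorithm OBJECT IDENTIFIER
    return _decode_oid(der[start:stop])

def check_chain(ders, min_bits=112):
    """[(index, name, bits, meets_profile)] for each certificate in ders."""
    report = []
    for i, der in enumerate(ders):
        name, bits = SIG_OIDS.get(signature_algorithm(der), ("unknown", 0))
        report.append((i, name, bits, bits >= min_bits))
    return report
# Constructed sample: minimal DER shells (dummy tbsCertificate, real
# AlgorithmIdentifier) shaped like the chain in the report: three SHA-256
# signatures plus the SHA-1 self-signed trust anchor (the Certum CA root).
def _der(tag, content):                     # short-form lengths only
    return bytes([tag, len(content)]) + content
def _fake_cert(oid_octets):
    alg = _der(0x30, _der(0x06, oid_octets) + _der(0x05, b""))   # OID + NULL
    return _der(0x30, _der(0x30, _der(0x02, b"\x01")) + alg + _der(0x03, b"\x00\x00"))
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # 1.2.840.113549.1.1.11
SHA1_RSA = bytes.fromhex("2a864886f70d010105")     # 1.2.840.113549.1.1.5
SAMPLE_CHAIN = [_fake_cert(SHA256_RSA)] * 3 + [_fake_cert(SHA1_RSA)]
```

`check_chain(SAMPLE_CHAIN)` marks only the fourth entry (the SHA-1 root) as failing the 112-bit profile, mirroring the `GNUTLS_SEC_PARAM_MEDIUM` log line above; with `min_bits=80` every entry passes.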