[gnutls-devel] GnuTLS | gnutls-cli: misleading output when verifying cross-signed certificate chain (#1477)

[Read-only notification of GnuTLS library development activities]

Dimitrios Apostolou created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1477



Running gnutls-cli against letsencrypt.org shows the following output:
```
$ gnutls-cli -p 443 letsencrypt.org
Processed 414 CA certificate(s).
Resolving 'letsencrypt.org:443'...
Connecting to '34.141.11.154:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=lencr.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04eac294a0e61035d8254d5a04f61a37c802, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2023-02-02 00:00:24 UTC', expires `2023-05-03 00:00:23 UTC', pin-sha256="Z01UftPixvNAGu26I3rx4bremFOKT/7UjuLFSPF42PA="
        Public Key ID:
                sha1:11be4527d70814fbfd2b37080293fc45d85afe75
                sha256:674d547ed3e2c6f3401aedba237af1e1bade98538a4ffed48ee2c548f178d8f0
        Public Key PIN:
                pin-sha256:Z01UftPixvNAGu26I3rx4bremFOKT/7UjuLFSPF42PA=

- Certificate[1] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[2] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is trusted. 
```
The last line leads us to believe that **the last certificate on the chain is trusted**.

However this is not the case. If I use gnutls-cli with `--print-cert` and copy-paste the certificates into their own files, `certtool` reports that **certificate[2] is untrusted**, but **certificate[1] one is trusted**.

This is because certificate[2] is issued by an expired CA, and certificate[1] is cross-signed by both certificate[2] (invalid trust) and by a trusted CA.

This is not trivial to figure out. gnutls-cli should print information on what path it used to verify the chain, and not just print "certificate trusted" under the last certificate. A quick fix would be to just print "certificate[0] trusted" to avoid any confusion. But still it would be nice to have some verbose output on how gnutls came to that conclusion.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1477
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20230331/1af60768/attachment-0001.html>