[gnutls-devel] GnuTLS | Unable to verify certificate chain on app.usmobile.com (#1771)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Dec 5 02:16:25 CET 2025 


Michael Catanzaro created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1771



## Description of problem:

GnuTLS fails to verify the certificate chain on app.usmobile.com:

```
$ gnutls-cli app.usmobile.com
Processed 393 CA certificate(s).
Resolving 'app.usmobile.com:443'...
Connecting to '2606:4700::6812:667:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=app.usmobile.com', issuer `CN=Cloudflare TLS Issuing ECC CA 3,O=SSL Corporation,C=US', serial 0x3d7fb41e831e456921073810e12e6290, EC/ECDSA key 256 bits, signed using ECDSA-SHA256, activated `2025-11-12 18:05:49 UTC', expires `2026-11-12 17:47:06 UTC', pin-sha256="70y5eLrafXTVMjbptBrllO9Mw8FW9c2xuofNXy0Qqkc="
	Public Key ID:
		sha1:edd8ffacf5be4501880ac4d61bb967f84583cb6f
		sha256:ef4cb978bada7d74d53236e9b41ae594ef4cc3c156f5cdb1ba87cd5f2d10aa47
	Public Key PIN:
		pin-sha256:70y5eLrafXTVMjbptBrllO9Mw8FW9c2xuofNXy0Qqkc=

- Certificate[1] info:
 - subject `CN=Cloudflare TLS Issuing ECC CA 3,O=SSL Corporation,C=US', issuer `CN=SSL.com TLS Transit ECC CA R2,O=SSL Corporation,C=US', serial 0x31eee88afb87cd9ef8336604743f9b27, EC/ECDSA key 256 bits, signed using ECDSA-SHA384, activated `2025-05-29 19:49:45 UTC', expires `2035-05-27 19:49:44 UTC', pin-sha256="44viFzTC+h/L+3OHRg4Rs5v4+AcpzHZvI9Tne2RDNGk="
- Certificate[2] info:
 - subject `CN=SSL.com TLS Transit ECC CA R2,O=SSL Corporation,C=US', issuer `CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x00ad8d2df64681a0d36447eaa94fa273c1, EC/ECDSA key 384 bits, signed using RSA-SHA256, activated `2024-06-21 00:00:00 UTC', expires `2028-12-31 23:59:59 UTC', pin-sha256="OXyj9ngbqO9cjLeO/+t9Ggl2EP4JTnVWHq4LEwhFM9w="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
```

firefox-145.0.1-1.fc43 accepts this with no problems, so ideally GnuTLS would as well. OpenSSL notably does not accept it (I tested `openssl s_client -connect app.usmobile.com:443`), but OpenSSL is notoriously not very good at certification path building. [SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=app.usmobile.com&s=2606%3a4700%3a0%3a0%3a0%3a0%3a6812%3a767) proposes two possible valid certification paths, the second of which won't work by default with gnutls-cli because it requires downloading an intermediate certificate using AuthorityInformationAccess. But the first path probably ought to work? I wonder if there is some good reason to reject it?

Daiki says this looks similar to #1741, although notably that issue involves duplicate certs in the certification path, which is not the case here.

Here's the certificate chain, for posterity: [test.crt](/uploads/8c2b53dff1008f1bea676cfb912b5b08/test.crt)

## Version of gnutls used: gnutls-3.8.11-5.fc43 with ca-certificates-2025.2.80_v9.0.304-1.1.fc43:


## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL): Fedora


## How reproducible: Always

Steps to Reproduce:

 * `gnutls-cli app.usmobile.com`

## Actual results:

Chain is rejected as untrusted

## Expected results:

Chain should probably(?) verify successfully

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1771
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20251205/91614ab1/attachment-0001.html>

More information about the Gnutls-devel mailing list