[gnutls-help] How to deal with multiple certificate chains?

Paul Menzel paulepanter at users.sourceforge.net
Mon Jul 10 20:44:14 CEST 2017


Dear GnuTLS folks,


There is a regression in the banking software AqBanking [1] after the
removal of a certificate with a short hash. AqBanking uses Gwenhywfar,
which uses GnuTLS.

The good thing is that the GnuTLS tools work.

> Status: The certificate is trusted.

```
$ echo "" | gnutls-cli hbci11.fiducia.de 443
Processed 166 CA certificate(s).
Resolving 'hbci11.fiducia.de:443'...
Connecting to '195.200.35.18:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=hbci11.fiducia.de,OU=Produktion,O=Fiducia & GAD IT AG,L=Karlsruhe,ST=Baden-Wuerttemberg,C=DE', issuer `CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US', serial 0x4ea797384997e61f9294b5ea9dd6dd71, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-05-04 00:00:00 UTC', expires `2017-08-03 23:59:59 UTC', pin-sha256="zonnfxgRNRjW4PB/K413ypyNzEt1Csmh9FbSl3aeA1U="
	Public Key ID:
		sha1:b3b832d4acd3ba172cffd79969f83d60dd3be5c4
		sha256:ce89e77f18113518d6e0f07f2b8d77ca9c8dcc4b750ac9a1f456d297769e0355
	Public Key PIN:
		pin-sha256:zonnfxgRNRjW4PB/K413ypyNzEt1Csmh9FbSl3aeA1U=
	Public key's random art:
		+--[ RSA 2048]----+
		|                 |
		|                 |
		|                 |
		|                 |
		|     +  S    . o |
		|    o =. o  o . E|
		|   . =...  + = oo|
		|    = +.  o *..o.|
		|    oB.... o. ...|
		+-----------------+

- Certificate[1] info:
 - subject `CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US', issuer `CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US', serial 0x513fb9743870b73440418d30930699ff, RSA key 2048 bits, signed using RSA-SHA256, activated `2013-10-31 00:00:00 UTC', expires `2023-10-30 23:59:59 UTC', pin-sha256="9n0izTnSRF+W4W4JTq51avSXkWhQB8duS2bxVLfzXsY="
- Certificate[2] info:
 - subject `CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US', issuer `OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US', serial 0x250ce8e030612e9f2b89f7054d7cf8fd, RSA key 2048 bits, signed using RSA-SHA1, activated `2006-11-08 00:00:00 UTC', expires `2021-11-07 23:59:59 UTC', pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="
- Status: The certificate is trusted. 
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
- Session ID: A6:CC:C9:86:3B:50:7D:AA:0F:14:F4:78:22:19:A4:B2:83:A5:9E:AF:C4:13:FD:8E:64:86:A2:46:F2:A9:F4:C3
- Ephemeral EC Diffie-Hellman parameters
 - Using curve: SECP256R1
 - Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed

- Simple Client Mode:
```

Now, if Gwenhywfar is used, a different certificate chain is used.

Long certificate chain with intermediate certificate and old root
certificate 1,3,5,6 or 2,4,5,6 for hbci.postbank.de and
hbci11.fiducia.de.

```
6: VeriSign Class 3 Public Primary Certification Authority  (root CA, 1024 bit RSA key)
      |
      V
5: VeriSign Class 3 Public Primary Certification Authority - G5   (intermediate)
      |                                                 |
      V                                                 V
3: Symantec Class 3 EV SSL CA - G3             4: Symantec Class 3 Secure Server CA - G4
      |                                                 |
      V                                                 V
1: hbci.postbank.de                            2: hbci11.fiducia.de
```

----------------------------------------------------------------------------------------

Short certificate chain without intermediate certificates 1,3,7 or 2,4,7:

```
7: VeriSign Class 3 Public Primary Certification Authority - G5   (root CA, 2048 bit RSA)
      |                                                 |
      V                                                 V
3: Symantec Class 3 EV SSL CA - G3             4: Symantec Class 3 Secure Server CA - G4
      |                                                 |
      V                                                 V
1: hbci.postbank.de                            2: hbci11.fiducia.de
```

Could you please help me deal with this situation? The code calls
`gnutls_certificate_verify_peers2()` in line 640 [2].

```
[…]
  rv=gnutls_certificate_verify_peers2(xio->session, &status);
  if (rv<0) {
    DBG_INFO(GWEN_LOGDOMAIN, "gnutls_certificate_verify_peers2: %d (%s)", rv, gnutls_strerror(rv));
    GWEN_SslCertDescr_free(certDescr);
    return GWEN_ERROR_SSL_SECURITY;
  }

  if (gnutls_certificate_type_get(xio->session)!=GNUTLS_CRT_X509) {
    DBG_INFO(GWEN_LOGDOMAIN, "Certificate is not X.509");

    GWEN_SslCertDescr_free(certDescr);
    return GWEN_ERROR_SSL_SECURITY;
  }

  if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
    DBG_INFO(GWEN_LOGDOMAIN, "Signer not found");
    GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Warning,
                         I18N("Signer not found"));
    errFlags|=GWEN_SSL_CERT_FLAGS_SIGNER_NOT_FOUND;
  }

  if (status & GNUTLS_CERT_INVALID) {
    DBG_INFO(GWEN_LOGDOMAIN, "Certificate is not trusted");
    GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Warning,
                         I18N("Certificate is not trusted"));
    errFlags|=GWEN_SSL_CERT_FLAGS_INVALID;
  }
[…]
```


Thanks,

Paul


[1] https://www.aquamaniac.de/sites/aqbanking/
[2] https://sources.debian.net/src/libgwenhywfar/4.17.0-3/src/sio/syncio_tls.c/#L640
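
The two paths from the diagrams in the message above, as a toy model added here; it is not code from the post, GnuTLS or Gwenhywfar, and it replaces real signature checks with string labels. The struct, `path_len()`, `use_all` and key labels such as `K_G5` are hypothetical, and that certificates 5 and 7 share a name and key is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>
/* Toy model: names are from the post, key labels are constructed, and a
 * signature is modelled as "signed_by names the issuer's key". */
struct cert { const char *subject, *issuer, *key, *signed_by; };
#define G5  "VeriSign Class 3 Public Primary Certification Authority - G5"
#define OLD "Class 3 Public Primary Certification Authority"
#define G4  "Symantec Class 3 Secure Server CA - G4"
/* Chain as sent by hbci11.fiducia.de: certificates 2, 4 and 5. */
static const struct cert presented[] = {
    { "hbci11.fiducia.de", G4, "K_leaf", "K_G4" },
    { G4, G5,  "K_G4", "K_G5"  },
    { G5, OLD, "K_G5", "K_OLD" },  /* 5: G5 signed by the old root */
};
/* 7 is the self-signed G5, assumed to share name and key with 5. */
static const struct cert store_new[] = { { G5,  G5,  "K_G5",  "K_G5"  } };
static const struct cert store_old[] = { { OLD, OLD, "K_OLD", "K_OLD" } };
/* Is c's issuer (name and signing key) a trust anchor in the store? */
static int anchored(const struct cert *c, const struct cert *st, int m)
{
    for (int i = 0; i < m; i++)
        if (!strcmp(st[i].subject, c->issuer) && !strcmp(st[i].key, c->signed_by))
            return 1;
    return 0;
}
static int linked(const struct cert *child, const struct cert *parent)
{
    return !strcmp(child->issuer, parent->subject) && !strcmp(child->signed_by, parent->key);
}

/* use_all = 0: stop at the first certificate whose issuer is a trust anchor.
 * use_all = 1: accept an anchor only for the last presented certificate.
 * Returns the number of presented certificates on the path, or -1. */
int path_len(const struct cert *ch, int n, const struct cert *st, int m, int use_all)
{
    for (int i = 0; i < n; i++) {
        if (i > 0 && !linked(&ch[i - 1], &ch[i]))
            return -1;
        if ((!use_all || i == n - 1) && anchored(&ch[i], st, m))
            return i + 1;
    }
    return -1;
}

int main(void)
{
    printf("%d %d %d\n", path_len(presented, 3, store_new, 1, 0),
           path_len(presented, 3, store_new, 1, 1),
           path_len(presented, 3, store_old, 1, 0));
    return 0;
}
```

With only certificate 7 in the store, the model finds path 2,4,7 when it may stop early and finds no path when it must use all three presented certificates; with only certificate 6 it finds 2,4,5,6.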