Package: src:gnutls28
Version: 3.6.7-4+deb10u3
Severity: grave
Justification: renders package unusable

Hi,

gnutls appears to fail building a certificate chain, if:
- the server sends an alternate chain with an expired intermediate
- a matching root is in the local trust store.

This was found because the "AddTrust External CA Root" [1] expired today,
and it was used - a long time ago - to cross-sign the "USERTrust RSA
Certification Authority" Root CA. When a server sends the cross-signed
certificate, gnutls thinks the entire chain is invalid, even though the
not-expired root is contained in its trust store.

Example:

    $ gnutls-cli apt.puppet.com:443
    Processed 129 CA certificate(s).
    Resolving 'apt.puppet.com:443'...
    Connecting to '2600:9000:2043:2200:1d:fc37:1cc0:93a1:443'...
    - Certificate type: X.509
    - Got a certificate list of 3 certificates.
    - Certificate[0] info:
     - subject `CN=apt.puppet.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated', issuer `CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR', serial 0x00d50b93f3f071150e62d87aee147a1520, RSA key 2048 bits, signed using RSA-SHA256, activated `2019-07-18 00:00:00 UTC', expires `2020-07-18 23:59:59 UTC', pin-sha256="oBlhqVlMzd0j01OweaExY7LRykSLER7Cyml3qM9Rp4M="
        Public Key ID:
            sha1:c94ab18efcc44ba3c51d39f831a734ad4e78e60b
            sha256:a01961a9594ccddd23d353b079a13163b2d1ca448b111ec2ca6977a8cf51a783
        Public Key PIN:
            pin-sha256:oBlhqVlMzd0j01OweaExY7LRykSLER7Cyml3qM9Rp4M=

    - Certificate[1] info:
     - subject `CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR', issuer `CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US', serial 0x05e4dc3b9438ab3b8597cba6a19850e3, RSA key 2048 bits, signed using RSA-SHA384, activated `2014-09-12 00:00:00 UTC', expires `2024-09-11 23:59:59 UTC', pin-sha256="WGJkyYjx1QMdMe0UqlyOKXtydPDVrk7sl2fV+nNm1r4="
    - Certificate[2] info:
     - subject `CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US', issuer `CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial 0x13ea28705bf4eced0c36630980614336, RSA key 4096 bits, signed using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38 UTC', pin-sha256="x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4="
    - Status: The certificate is NOT trusted. The certificate chain uses expired certificate.
    *** PKI verification of server certificate failed...
    *** Fatal error: Error in the certificate.

Note that modern browsers and OpenSSL 1.1.1 have no problem with this
server.

Obviously, this also breaks APT.

I'm marking this grave, as GnuTLS doesn't seem to follow standards here,
various other software just works, GnuTLS-using clients all break, and
many many sites on the public Internet send the cross-signed
certificate.

Thanks,
Chris

[1] https://crt.sh/?id=1


-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
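The path-building difference the report describes, as an added model (this is not GnuTLS, OpenSSL or browser code, and does no real signature checking). It compares two strategies over the three-certificate chain shown in the gnutls-cli output: a naive verifier that validates every certificate the server sent, and an anchor-first verifier that stops as soon as a certificate's issuer matches a trust anchor by name and public key, so the expired cross-signed USERTrust certificate sitting after that point is never examined. The `Cert` class, the `spki-*` key labels, the helper names and the self-signed USERTrust root's validity dates are constructed for the example; the chain entries' names and dates are taken from the output above.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


def utc_date(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate; no parsing, no real signatures."""
    subject: str
    issuer: str
    spki: str          # label standing in for this certificate's public key
    signer_spki: str   # label standing in for the key that signed it
    not_before: datetime
    not_after: datetime

    def time_valid(self, now):
        return self.not_before <= now <= self.not_after

    def signed_by(self, candidate):
        # Issuer match is by name *and* key, so a cross-signed and a self-signed
        # certificate for the same CA are interchangeable as issuers.
        return candidate.subject == self.issuer and candidate.spki == self.signer_spki


def verify_naive(chain, trust_store, now):
    """Check every certificate the server sent, then require the last one to be
    issued by a trust anchor. An expired extra cross-sign makes this fail."""
    for idx, cert in enumerate(chain):
        if not cert.time_valid(now):
            return False, f"chain[{idx}] '{cert.subject}' is expired or not yet valid"
        if idx + 1 < len(chain) and not cert.signed_by(chain[idx + 1]):
            return False, f"chain[{idx}] is not signed by chain[{idx + 1}]"
    last = chain[-1]
    if any(last.signed_by(root) for root in trust_store):
        return True, "ok"
    return False, f"'{last.subject}' does not chain to a trust anchor"


def verify_anchor_first(chain, trust_store, now):
    """Walk from the leaf and stop at the first certificate whose issuer is a
    trust anchor; certificates past that point are ignored. Returns
    (ok, reason, path_of_subjects)."""
    path = []
    for idx, cert in enumerate(chain):
        if not cert.time_valid(now):
            return False, f"chain[{idx}] '{cert.subject}' is expired or not yet valid", path
        path.append(cert.subject)
        for root in trust_store:
            if cert.signed_by(root):
                path.append(root.subject)
                return True, "ok", path
        if idx + 1 >= len(chain) or not cert.signed_by(chain[idx + 1]):
            return False, f"no issuer for '{cert.subject}' in chain or trust store", path
    return False, "empty chain", path


# Constructed sample data mirroring the gnutls-cli output above (names shortened to CN).
LEAF = Cert("CN=apt.puppet.com", "CN=Gandi Standard SSL CA 2",
            "spki-leaf", "spki-gandi", utc_date(2019, 7, 18), utc_date(2020, 7, 18))
GANDI = Cert("CN=Gandi Standard SSL CA 2", "CN=USERTrust RSA Certification Authority",
             "spki-gandi", "spki-usertrust", utc_date(2014, 9, 12), utc_date(2024, 9, 11))
USERTRUST_CROSS = Cert("CN=USERTrust RSA Certification Authority", "CN=AddTrust External CA Root",
                       "spki-usertrust", "spki-addtrust", utc_date(2000, 5, 30), utc_date(2020, 5, 30))
# Self-signed root in the local store; its validity dates are assumed for the example.
USERTRUST_ROOT = Cert("CN=USERTrust RSA Certification Authority", "CN=USERTrust RSA Certification Authority",
                      "spki-usertrust", "spki-usertrust", utc_date(2010, 2, 1), utc_date(2038, 1, 18))
ADDTRUST_ROOT = Cert("CN=AddTrust External CA Root", "CN=AddTrust External CA Root",
                     "spki-addtrust", "spki-addtrust", utc_date(2000, 5, 30), utc_date(2020, 5, 30))

SERVER_CHAIN = [LEAF, GANDI, USERTRUST_CROSS]
TRUST_STORE = {USERTRUST_ROOT, ADDTRUST_ROOT}

if __name__ == "__main__":
    for label, now in (("before AddTrust expiry", utc_date(2020, 5, 1)),
                       ("after AddTrust expiry", utc_date(2020, 6, 1))):
        print(label)
        print("  naive:       ", verify_naive(SERVER_CHAIN, TRUST_STORE, now))
        print("  anchor-first:", verify_anchor_first(SERVER_CHAIN, TRUST_STORE, now)[:2])
```

Run as-is, the naive strategy rejects the chain once the cross-signed certificate has expired, while the anchor-first strategy still builds a valid path that ends at the self-signed USERTrust root from the store. Removing the USERTrust root from the store (leaving only AddTrust) makes both strategies fail after 2020-05-30, which is the legitimate failure case.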
