We'll need to do another 2.6.x release, to make X.509 certificate chains ending with RSA-MD2 CA's (i.e., one of VeriSign's CA's) validate successfully again. I have prepared a daily build that incorporates everything we want to release in 2.6.3, please test it now:
http://daily.josefsson.org/gnutls-2.6/gnutls-2.6-20081210.tar.gz http://daily.josefsson.org/gnutls-2.6/gnutls-2.6-20081210.tar.gz.gpg I've prepared patches against the two latest stable branches below. /Simon Patch against 2.6.2: diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 92ef722..00e2422 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -374,6 +374,24 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, int i = 0, ret; unsigned int status = 0, output; + if (clist_size > 1) + { + /* Check if the last certificate in the path is self signed. + * In that case ignore it (a certificate is trusted only if it + * leads to a trusted party by us, not the server's). + * + * This in addition prevents from verifying self signed certificates + * against themselves. This although not bad caused verification + * failures on some root self signed certificates that use the MD2 + * algorithm. + */ + if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], + certificate_list[clist_size - 1]) > 0) + { + clist_size--; + } + } + /* Verify the last certificate in the certificate path * against the trusted CA certificate list. * Patch against 2.4.2: --- gnutls-2.4.2/lib/x509/verify.c.orig 2008-12-10 16:05:39.000000000 +0100 +++ gnutls-2.4.2/lib/x509/verify.c 2008-12-10 16:05:41.000000000 +0100 @@ -376,6 +376,24 @@ int i = 0, ret; unsigned int status = 0, output; + if (clist_size > 1) + { + /* Check if the last certificate in the path is self signed. + * In that case ignore it (a certificate is trusted only if it + * leads to a trusted party by us, not the server's). + * + * This in addition prevents from verifying self signed certificates + * against themselves. This although not bad caused verification + * failures on some root self signed certificates that use the MD2 + * algorithm. + */ + if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], + certificate_list[clist_size - 1]) > 0) + { + clist_size--; + } + } + /* Verify the last certificate in the certificate path * against the trusted CA certificate list. * @@ -414,17 +432,6 @@ } #endif - /* Check if the last certificate in the path is self signed. - * In that case ignore it (a certificate is trusted only if it - * leads to a trusted party by us, not the server's). - */ - if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], - certificate_list[clist_size - 1]) > 0 - && clist_size > 0) - { - clist_size--; - } - /* Verify the certificate path (chain) */ for (i = clist_size - 1; i > 0; i--) _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
