Package: src:gnutls28
Version: 3.6.7-4+deb10u3
Severity: grave
Justification: renders package unusable

Hi,

gnutls appears to fail building a certificate chain, if:
- the server sends an alternate chain with an expired intermediate
- a matching root is in the local trust store.

This was found because the "AddTrust External CA Root" [1] expired today, and it was used - a long time ago - to cross-sign the "USERTrust RSA Certification Authority" Root CA.

When a server sends the cross-signed certificate, gnutls thinks the entire chain is invalid, even though the not-expired root is contained in its trust store.

Example:

$ gnutls-cli apt.puppet.com:443
Processed 129 CA certificate(s).
Resolving 'apt.puppet.com:443'...
Connecting to '2600:9000:2043:2200:1d:fc37:1cc0:93a1:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=apt.puppet.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated', issuer `CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR', serial 0x00d50b93f3f071150e62d87aee147a1520, RSA key 2048 bits, signed using RSA-SHA256, activated `2019-07-18 00:00:00 UTC', expires `2020-07-18 23:59:59 UTC', pin-sha256="oBlhqVlMzd0j01OweaExY7LRykSLER7Cyml3qM9Rp4M="
	Public Key ID:
		sha1:c94ab18efcc44ba3c51d39f831a734ad4e78e60b
		sha256:a01961a9594ccddd23d353b079a13163b2d1ca448b111ec2ca6977a8cf51a783
	Public Key PIN:
		pin-sha256:oBlhqVlMzd0j01OweaExY7LRykSLER7Cyml3qM9Rp4M=

- Certificate[1] info:
 - subject `CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR', issuer `CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US', serial 0x05e4dc3b9438ab3b8597cba6a19850e3, RSA key 2048 bits, signed using RSA-SHA384, activated `2014-09-12 00:00:00 UTC', expires `2024-09-11 23:59:59 UTC', pin-sha256="WGJkyYjx1QMdMe0UqlyOKXtydPDVrk7sl2fV+nNm1r4="
- Certificate[2] info:
 - subject `CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US', issuer `CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial 0x13ea28705bf4eced0c36630980614336, RSA key 4096 bits, signed using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38 UTC', pin-sha256="x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4="
- Status: The certificate is NOT trusted. The certificate chain uses expired certificate.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.

Note that modern browsers and OpenSSL 1.1.1 have no problem with this server. Obviously, this also breaks APT.

I'm marking this grave, as GnuTLS doesn't seem to follow standards here, various other software just works, GnuTLS-using clients all break, and many many sites on the public Internet send the cross-signed certificate.

Thanks,
Chris

[1] https://crt.sh/?id=1

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
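
The failure mode reported above, as an added toy model that is not part of the original report and is not GnuTLS code: it contrasts validating every certificate the server sent with stopping at the first certificate whose name and key match a trusted root. Subjects and expiry dates are taken from the gnutls-cli output; the key labels, the root's expiry, NOW and all function names are assumptions, and signatures are not modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key: str              # constructed label standing in for the public key
    not_after: datetime

def utc(*a):
    return datetime(*a, tzinfo=timezone.utc)

UT = "CN=USERTrust RSA Certification Authority"
# Chain as sent by the server: names and expiry dates come from the gnutls-cli
# output in the report; the key labels are constructed.
SENT = [
    Cert("CN=apt.puppet.com", "CN=Gandi Standard SSL CA 2", "k-leaf", utc(2020, 7, 18, 23, 59, 59)),
    Cert("CN=Gandi Standard SSL CA 2", UT, "k-gandi", utc(2024, 9, 11, 23, 59, 59)),
    Cert(UT, "CN=AddTrust External CA Root", "k-usertrust", utc(2020, 5, 30, 10, 48, 38)),
]
# Trust store: self-signed root with the same name and key (expiry constructed).
STORE = [Cert(UT, UT, "k-usertrust", utc(2038, 1, 18, 23, 59, 59))]
NOW = utc(2020, 5, 30, 12, 0, 0)   # constructed: shortly after the cross-sign expired

def anchor_for(cert, store, now):
    """Return an unexpired trusted root with the same subject and key, if any."""
    return next((a for a in store if (a.subject, a.key) == (cert.subject, cert.key)
                 and a.not_after >= now), None)

def verify_as_sent(chain, store, now):
    """Reported behaviour: every certificate the server sent must be valid."""
    for c in chain:
        if c.not_after < now:
            return False, "expired: " + c.subject
    top = chain[-1]
    trusted = anchor_for(top, store, now) or any(a.subject == top.issuer for a in store)
    return bool(trusted), "ok" if trusted else "no trusted root"

def verify_anchor_first(chain, store, now):
    """Walk up from the leaf and stop at the first trusted key."""
    for i, c in enumerate(chain):
        if anchor_for(c, store, now):
            return True, "anchored at " + c.subject   # certs sent above it are ignored
        if c.not_after < now:
            return False, "expired: " + c.subject
        if i + 1 < len(chain) and chain[i + 1].subject != c.issuer:
            return False, "broken chain at " + c.subject
    known = any(a.subject == chain[-1].issuer and a.not_after >= now for a in store)
    return known, "ok" if known else "no trusted root"
```

With the trust store emptied, verify_anchor_first still rejects the chain on the expired cross-signed certificate, so stopping at the trusted key does not relax expiry checks for certificates below it.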