Dear GnuTLS folks,

There is a regression in the banking software AqBanking [1] after the
removal of a certificate with a short hash. AqBanking uses Gwenhywfar,
which uses GnuTLS.

The good thing is that the GnuTLS tools work.

> Status: The certificate is trusted.

```
$ echo "" | gnutls-cli hbci11.fiducia.de 443
Processed 166 CA certificate(s).
Resolving 'hbci11.fiducia.de:443'...
Connecting to '195.200.35.18:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=hbci11.fiducia.de,OU=Produktion,O=Fiducia & GAD IT AG,L=Karlsruhe,ST=Baden-Wuerttemberg,C=DE', issuer `CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US', serial 0x4ea797384997e61f9294b5ea9dd6dd71, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-05-04 00:00:00 UTC', expires `2017-08-03 23:59:59 UTC', pin-sha256="zonnfxgRNRjW4PB/K413ypyNzEt1Csmh9FbSl3aeA1U="
        Public Key ID:
                sha1:b3b832d4acd3ba172cffd79969f83d60dd3be5c4
                sha256:ce89e77f18113518d6e0f07f2b8d77ca9c8dcc4b750ac9a1f456d297769e0355
        Public Key PIN:
                pin-sha256:zonnfxgRNRjW4PB/K413ypyNzEt1Csmh9FbSl3aeA1U=
        Public key's random art:
                +--[ RSA 2048]----+
                |                 |
                |                 |
                |                 |
                |                 |
                |     +  S    . o |
                |    o =. o  o . E|
                |   . =...  + = oo|
                |    = +.  o *..o.|
                |    oB.... o. ...|
                +-----------------+

- Certificate[1] info:
 - subject `CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US', issuer `CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US', serial 0x513fb9743870b73440418d30930699ff, RSA key 2048 bits, signed using RSA-SHA256, activated `2013-10-31 00:00:00 UTC', expires `2023-10-30 23:59:59 UTC', pin-sha256="9n0izTnSRF+W4W4JTq51avSXkWhQB8duS2bxVLfzXsY="
- Certificate[2] info:
 - subject `CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US', issuer `OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US', serial 0x250ce8e030612e9f2b89f7054d7cf8fd, RSA key 2048 bits, signed using RSA-SHA1, activated `2006-11-08 00:00:00 UTC', expires `2021-11-07 23:59:59 UTC', pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="
- Status: The certificate is trusted. 
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
- Session ID: A6:CC:C9:86:3B:50:7D:AA:0F:14:F4:78:22:19:A4:B2:83:A5:9E:AF:C4:13:FD:8E:64:86:A2:46:F2:A9:F4:C3
- Ephemeral EC Diffie-Hellman parameters
 - Using curve: SECP256R1
 - Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed

- Simple Client Mode:
```

Now, if Gwenhywfar is used, a different certificate chain is used.

Long certificate chain with intermediate certificate and old root
certificate 1,3,5,6 or 2,4,5,6 for hbci.postbank.de and
hbci11.fiducia.de.

```
6: VeriSign Class 3 Public Primary Certification Authority  (root CA, 1024 bit RSA key)
      |
      V
5: VeriSign Class 3 Public Primary Certification Authority - G5   (intermediate)
      |                                                 |
      V                                                 V
3: Symantec Class 3 EV SSL CA - G3             4: Symantec Class 3 Secure Server CA - G4
      |                                                 |
      V                                                 V
1: hbci.postbank.de                            2: hbci11.fiducia.de
```

----------------------------------------------------------------------------------------

Short certificate chain without intermediate certificates 1,3,7 or 2,4,7:

```
7: VeriSign Class 3 Public Primary Certification Authority - G5   (root CA, 2048 bit RSA)
      |                                                 |
      V                                                 V
3: Symantec Class 3 EV SSL CA - G3             4: Symantec Class 3 Secure Server CA - G4
      |                                                 |
      V                                                 V
1: hbci.postbank.de                            2: hbci11.fiducia.de
```

Could you please help with how to deal with this situation? The code calls
`gnutls_certificate_verify_peers2()` in line 640 [2].

```
[…]
  rv=gnutls_certificate_verify_peers2(xio->session, &status);
  if (rv<0) {
    DBG_INFO(GWEN_LOGDOMAIN, "gnutls_certificate_verify_peers2: %d (%s)", rv,
             gnutls_strerror(rv));
    GWEN_SslCertDescr_free(certDescr);
    return GWEN_ERROR_SSL_SECURITY;
  }

  if (gnutls_certificate_type_get(xio->session)!=GNUTLS_CRT_X509) {
    DBG_INFO(GWEN_LOGDOMAIN, "Certificate is not X.509");

    GWEN_SslCertDescr_free(certDescr);
    return GWEN_ERROR_SSL_SECURITY;
  }

  if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
    DBG_INFO(GWEN_LOGDOMAIN, "Signer not found");
    GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Warning,
                         I18N("Signer not found"));
    errFlags|=GWEN_SSL_CERT_FLAGS_SIGNER_NOT_FOUND;
  }

  if (status & GNUTLS_CERT_INVALID) {
    DBG_INFO(GWEN_LOGDOMAIN, "Certificate is not trusted");
    GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Warning,
                         I18N("Certificate is not trusted"));
    errFlags|=GWEN_SSL_CERT_FLAGS_INVALID;
  }
[…]
```


Thanks,

Paul


[1] https://www.aquamaniac.de/sites/aqbanking/
[2] https://sources.debian.net/src/libgwenhywfar/4.17.0-3/src/sio/syncio_tls.c/#L640
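
Added illustration, not part of the original message and not code from GnuTLS or Gwenhywfar: a simplified C model of the two chains drawn above. It shows how the chain the server sends (2, 4, 5) comes out as "signer not found" or as trusted depending on whether the verifier matches certificate 5 against trusted root 7 by subject and key. Names are shortened, the key strings are constructed placeholders, 5 and 7 are assumed to share one key, and signature checks are reduced to name matching.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the certificates in the diagrams above. Names are
 * shortened; "key" is a placeholder for the public key, not real key data. */
struct cert { const char *subject, *issuer, *key; };
enum { TRUSTED = 0, SIGNER_NOT_FOUND = 1 }; /* models GNUTLS_CERT_SIGNER_NOT_FOUND */

static const struct cert LEAF = {"hbci11.fiducia.de", "Symantec G4", "k2"}; /* 2 */
static const struct cert G4   = {"Symantec G4", "VeriSign G5", "k4"};       /* 4 */
static const struct cert G5X  = {"VeriSign G5", "VeriSign PCA", "k5"};      /* 5 */
static const struct cert PCA  = {"VeriSign PCA", "VeriSign PCA", "k6"};     /* 6 */
static const struct cert G5R  = {"VeriSign G5", "VeriSign G5", "k5"};       /* 7, assumed same key as 5 */

/* Strict walk: every link must match by name, and the issuer of the last
 * certificate in the chain must be present in the trust store. */
static int verify_strict(const struct cert *const *chain, size_t n,
                         const struct cert *const *store, size_t m) {
    for (size_t i = 0; i + 1 < n; i++)
        if (strcmp(chain[i]->issuer, chain[i + 1]->subject) != 0)
            return SIGNER_NOT_FOUND;
    for (size_t j = 0; j < m; j++)
        if (strcmp(chain[n - 1]->issuer, store[j]->subject) == 0)
            return TRUSTED;
    return SIGNER_NOT_FOUND;
}

/* Anchor matching: if a CA certificate in the chain has the same subject and
 * key as a trusted certificate, cut the chain there and end at that anchor. */
static int verify_anchor_match(const struct cert *const *chain, size_t n,
                               const struct cert *const *store, size_t m) {
    for (size_t i = 1; i < n; i++)
        for (size_t j = 0; j < m; j++)
            if (strcmp(chain[i]->subject, store[j]->subject) == 0 &&
                strcmp(chain[i]->key, store[j]->key) == 0)
                return verify_strict(chain, i, store, m);
    return verify_strict(chain, n, store, m);
}

static const struct cert *const SENT[] = {&LEAF, &G4, &G5X}; /* as in the gnutls-cli output */
static const struct cert *const OLD_STORE[] = {&PCA};        /* root 6 present */
static const struct cert *const NEW_STORE[] = {&G5R};        /* root 6 absent, root 7 present */

int strict_old_store(void)       { return verify_strict(SENT, 3, OLD_STORE, 1); }
int strict_new_store(void)       { return verify_strict(SENT, 3, NEW_STORE, 1); }
int anchor_match_new_store(void) { return verify_anchor_match(SENT, 3, NEW_STORE, 1); }

int main(void) {
    printf("%d %d %d\n", strict_old_store(), strict_new_store(), anchor_match_new_store());
    return 0;
}
```

In this model only the strict walk against the store without root 6 returns `SIGNER_NOT_FOUND`; the other two cases return `TRUSTED`.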


_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
