verification error on duplicate server cert in chain
Hello,
gnutls fails to verify ci.debian.net
*prompt*> gnutls-cli ci.debian.net
*** Fatal error: Error in the certificate.
Processed 127 CA certificate(s).
Resolving 'ci.debian.net:443'...
Connecting to '52.34.117.196:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
- subject `CN=ci.debian.net', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04568ce008fea2f0063e06ef52b45111a3ec, EC/ECDSA key 384 bits, signed using RSA-SHA256, activated `2022-01-16 23:00:15 UTC', expires `2022-04-16 23:00:14 UTC', pin-sha256="rWC/lu8/ilDYQnnkWr9JUP3ThSrp5Pi08hFXWv3h7/o="
Public Key ID:
sha1:344bd3eb5105d3b830dd87f6f5e4435e8aacdf6d
sha256:ad60bf96ef3f8a50d84279e45abf4950fdd3852ae9e4f8b4f211575afde1effa
Public Key PIN:
pin-sha256:rWC/lu8/ilDYQnnkWr9JUP3ThSrp5Pi08hFXWv3h7/o=
- Certificate[1] info:
- subject `CN=ci.debian.net', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04568ce008fea2f0063e06ef52b45111a3ec, EC/ECDSA key 384 bits, signed using RSA-SHA256, activated `2022-01-16 23:00:15 UTC', expires `2022-04-16 23:00:14 UTC', pin-sha256="rWC/lu8/ilDYQnnkWr9JUP3ThSrp5Pi08hFXWv3h7/o="
- Certificate[2] info:
- subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[3] info:
- subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
Looking at the output there seems to be a minor configuration issue, the server certificate is sent twice. I have grabbed the certs with gnutls-cli --save-cert
(which yields a file with different order than the one reported by gnutls-cli (ci.debian.net, R3, ci.debian.net, ISRG Root X1) and got a error with certtool, too:
ametzler@argenau:~$ certtool --infile=/tmp/ci.pem --verify
Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.
Loaded system trust (127 CAs available)
Subject: CN=ci.debian.net
Issuer: CN=R3,O=Let's Encrypt,C=US
Signature algorithm: RSA-SHA256
Output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown.
Subject: CN=ci.debian.net
Issuer: CN=R3,O=Let's Encrypt,C=US
Signature algorithm: RSA-SHA256
Output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown.
Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown.
Removing the second instance of ci.debian.net cert from the file lets certtool succeed:
ametzler@argenau:~$ certtool --infile=/tmp/ci-noduplicate.pem --verify
Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.
Loaded system trust (127 CAs available)
Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
Signature algorithm: RSA-SHA256
Output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown.
Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
Checked against: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Signature algorithm: RSA-SHA256
Output: Verified. The certificate is trusted.
Subject: CN=R3,O=Let's Encrypt,C=US
Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Checked against: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Signature algorithm: RSA-SHA256
Output: Verified. The certificate is trusted.
Subject: CN=ci.debian.net
Issuer: CN=R3,O=Let's Encrypt,C=US
Checked against: CN=R3,O=Let's Encrypt,C=US
Signature algorithm: RSA-SHA256
Output: Verified. The certificate is trusted.
Chain verification output: Verified. The certificate is trusted.
ISRG_Root_X1.pem is in the truststore, so the minimal fails/works testcases are
certtool --infile=/tmp/ci.pem --verify --load-ca-certificate=/etc/ssl/certs/ISRG_Root_X1.pem
certtool --infile=/tmp/ci-noduplicate.pem --verify --load-ca-certificate=/etc/ssl/certs/ISRG_Root_X1.pem
ci-noduplicate.pemISRG_Root_X1.pem
This looks very similar to #1131 (closed).