Comment 0 for bug 1033516

Verisign shipped G1 PCA Roots with md2 signatures on them. At some point, they
resigned those same roots using SHA1.

See discussion here:
https://groups.google.com/forum/?fromgroups#!msg/mozilla.dev.security.policy/I6bUbW3WkBU/lRxqGv6vYHYJ

In Ubuntu, the Verisign md2 certs do not ship in the system CA certs bundle, as
the sha1 certs are being shipped instead. SSL libraries are supposed to verify
certs with the sha1 G1 PCA Root just fine, even if the web site sends the md2
G1 PCA Root as part of the cert bundle.

You can test this by using the following command:

gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt --print-cert -p 443
secure-test.streamline-esolutions.com

In older versions of libsoup, such as 2.36.1, this worked fine. Since libsoup
2.37.1, this is no longer working correctly. It seems glib-networking
gtlsfiledatabase-gnutls.c:g_tls_file_database_gnutls_lookup_assertion() is
attempting to validate the whole DER, which wouldn't properly accept the sha1
cert for validation.

Attached is a reproducer. It will first attempt to validate the web site cert
using the old md2 Root, and then will attempt with the sha1 Root. Both should
succeed. With libsoup > 2.37, the sha1 Root fails verification.