New default %PROFILE_MEDIUM breaks root certificates which use SHA1

Bug #1875920 reported by Konstantin Khlebnikov
This bug affects 3 people
Affects: gnutls28 (Ubuntu) | Status: Confirmed | Importance: Undecided | Assigned to: Unassigned | Milestone: none

Bug Description

For example /usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt used here:

gnutls-cli --starttls-proto smtp --port 25 smtp.yandex.ru -d 2

- Certificate[2] info:
 - subject `CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL', issuer `CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL', serial 0x00939285400165715f947f288fefc99b28, RSA key 2048 bits, signed using RSA-SHA256, activated `2008-10-22 12:07:37 UTC', expires `2027-06-10 10:46:39 UTC', pin-sha256="qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU="
|<2>| issuer in verification was not found or insecure; trying against trust list
|<2>| GNUTLS_SEC_PARAM_MEDIUM: certificate's signature hash strength is unacceptable (is 80 bits, needed 112)

The secure-algorithm check for SHA1 has an exception for self-signed certificates;
this check does not:

    if (sigalg >= 0 && se) {
        if (is_level_acceptable(cert, issuer, sigalg, flags) == 0) {
            MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM);
        }

        /* If the certificate is not self signed check if the algorithms
         * used are secure. If the certificate is self signed it doesn't
         * really matter.
         */
        if (_gnutls_sign_is_secure2(se, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0 &&
            _gnutls_is_broken_sig_allowed(se, flags) == 0 &&
            is_issuer(cert, cert) == 0) {
            MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM);
        }
    }

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnutls28 (Ubuntu):
status: New → Confirmed
Revision history for this message
Rafał Harabień (rafalh02) wrote :

This change also affects libgadu for me, it can't connect to Gadu-Gadu instant messenger network. The same CA causes the problem (Certum Trusted Network CA).
Fails: gnutls-cli --priority 'NORMAL:%PROFILE_MEDIUM' ggproxy-secure-12.gadu-gadu.pl:443
Works: gnutls-cli --priority 'NORMAL' ggproxy-secure-12.gadu-gadu.pl:443

Revision history for this message
Jacek Kowalski (linux-jacekk) wrote :
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

I would not want to fix this.

CAs that use SHA1 are insecure.

Revision history for this message
Simon Déziel (sdeziel) wrote :

@xnox, I _think_ SHA1 isn't used in the insecure way that you seem to be referring to.

The problem seems to be that the certification path used by gnutls ends up with a root CA self-signed with SHA1. The rest of the path is using SHA256 as it should. This can be visualized in "Certification Paths > Path #1: Trusted" on [1]. In theory, using SHA1 on a root CA should not be a concern.

"openssl s_client -connect ggproxy-secure-12.gadu-gadu.pl:443" uses a different path and doesn't meet any self-signed root CA with SHA1.

[1]: https://www.ssllabs.com/ssltest/analyze.html?d=ggproxy-secure-12.gadu-gadu.pl
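The two points above, the profile check in the bug description that applies to every certificate in the path and Simon's observation that the SHA1 signature only appears on the self-signed root, can be made concrete with a small model of chain checking. The following is an added example and is not code from the bug report or from GnuTLS: the certificate records are constructed (only the subject names Certum CA and Certum Trusted Network CA are taken from the report, the leaf and the extra SHA1-intermediate chain are made up), and the bit strengths are the ones the report's error message implies (SHA1 is 80 bits, %PROFILE_MEDIUM needs 112). It contrasts a check that also grades the trust anchor's own signature with one that skips the self-signed anchor, which is the distinction the description draws between the two `if` blocks.

```python
"""Model of a signature-hash profile applied along a certificate chain.

Added example, not GnuTLS code. Certificate records are constructed for
illustration; hash and profile strengths follow the numbers quoted in the
report ("is 80 bits, needed 112").
"""
from dataclasses import dataclass

# Security level in bits attributed to each signature hash (assumed table,
# consistent with SHA1 = 80 bits in the report's error message).
HASH_BITS = {"SHA1": 80, "SHA224": 112, "SHA256": 128, "SHA384": 192, "SHA512": 256}

# Minimum strength each profile demands (MEDIUM = 112 per the report).
PROFILE_BITS = {"LOW": 80, "MEDIUM": 112, "HIGH": 128}


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_hash: str  # hash used in the signature placed on *this* certificate

    def is_self_signed(self) -> bool:
        return self.subject == self.issuer


def check_chain(chain, profile, exempt_self_signed_anchor):
    """Grade every signature in a leaf-first chain against `profile`.

    Returns (ok, reason). With exempt_self_signed_anchor=False the self-signed
    root's own signature is graded too (the behaviour the report complains
    about); with True it is skipped, because a root is trusted for being in
    the trust store, not because its self-signature verifies.
    """
    needed = PROFILE_BITS[profile]
    for cert in chain:
        if exempt_self_signed_anchor and cert.is_self_signed():
            continue
        bits = HASH_BITS[cert.sig_hash]
        if bits < needed:
            return False, (f"{cert.subject}: signature hash {cert.sig_hash} "
                           f"is {bits} bits, needed {needed}")
    return True, "chain acceptable"


# Constructed chain mirroring the report: SHA256 signatures everywhere except
# on the self-signed root, which carries a SHA1 self-signature.
CERTUM_CHAIN = [
    Cert("CN=example-leaf", "CN=Certum Trusted Network CA", "SHA256"),
    Cert("CN=Certum Trusted Network CA", "CN=Certum CA", "SHA256"),
    Cert("CN=Certum CA", "CN=Certum CA", "SHA1"),
]

# Constructed chain where an *intermediate* is SHA1-signed: this one is a real
# weakness in the path and must fail regardless of the root exemption.
SHA1_INTERMEDIATE_CHAIN = [
    Cert("CN=example-leaf", "CN=Hypothetical Sub CA", "SHA256"),
    Cert("CN=Hypothetical Sub CA", "CN=Hypothetical Root", "SHA1"),
    Cert("CN=Hypothetical Root", "CN=Hypothetical Root", "SHA256"),
]


if __name__ == "__main__":
    for label, chain in (("certum", CERTUM_CHAIN), ("sha1-intermediate", SHA1_INTERMEDIATE_CHAIN)):
        for exempt in (False, True):
            ok, why = check_chain(chain, "MEDIUM", exempt_self_signed_anchor=exempt)
            print(f"{label:18s} exempt_root={exempt!s:5s} -> {ok}: {why}")
```

Running it shows the Certum-style chain is rejected only when the root's own self-signature is graded, while a chain with a SHA1-signed intermediate is rejected under both variants, which is the outcome a profile check should produce.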

Revision history for this message
George (gmk57) wrote :

Is it the same issue I've hit with apt on Focal?

'apt update' fails on https://mirror.yandex.ru/ubuntu with:
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses insecure algorithm. Could not handshake: Error in the certificate verification. [IP: 213.180.204.183 443]

The issue is supposedly fixed in GnuTLS 3.7.2.

Are there any plans to backport the fix to Focal?
