
Re: GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT breaks certificate verification


From: Michal Suchanek
Subject: Re: GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT breaks certificate verification
Date: Tue, 30 Oct 2012 14:22:02 +0100

On 30 October 2012 14:17, Nikos Mavrogiannopoulos <address@hidden> wrote:
> On Tue, Oct 30, 2012 at 10:04 AM, Michal Suchanek <address@hidden> wrote:
>> Hello,
>> when this flag is set some certificates cannot be verified.
>> hermes.jabber.org sends a certificate chain laid out like
>> S R I  where S is the server certificate, R is the root certificate, and I
>> is the intermediate certificate which signs S and is signed by R. R is
>> a known CA.
>> gnutls-cli version 2.8.6, 3.0.20 and 3.0.22 cannot verify the
>> certificate. gnutls-cli version 3.1.3 can.
>> Upgrading gnutls to 3.1 does not enable an application to verify the
>> certificate unless the code setting GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
>> is disabled in the application.
>
> The GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is a dangerous flag and you
> shouldn't use it unless you really know the consequences. In short it
> means that an end-user certificate may pretend to be a CA.
>
> Now for the issue you see. It is because you do not set the flag
> GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. If you set this flag then unsorted
> chains will be sorted prior to verification. The reason you see this
> failure is because this flag is enabled by default on a credentials
> structure, unless it is overridden by other flags as you do.

The verification does not work on gnutls before 3.1 regardless of the flags set.

Has that default changed in 3.1?

Thanks

Michal
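An added illustration (not GnuTLS source; the certificate names are constructed placeholders) of the two behaviours discussed in the reply above: strict in-order verification fails on the S R I layout, while sorting the chain by issuer links first, as the GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN flag does before verification, lets the same chain verify. Signature checking is out of scope; certificates are reduced to (subject, issuer) name pairs.

```python
# Added model of unsorted-chain handling; not GnuTLS code.
# A certificate is reduced to (subject, issuer); a root has subject == issuer.
from typing import Dict, List, Set, Tuple

Cert = Tuple[str, str]

# Constructed chain in the order the thread describes: S R I
CERT_S: Cert = ("CN=hermes.jabber.org", "CN=Intermediate CA")   # server cert
CERT_R: Cert = ("CN=Root CA", "CN=Root CA")                    # self-signed root
CERT_I: Cert = ("CN=Intermediate CA", "CN=Root CA")            # signs S, signed by R
UNSORTED_CHAIN: List[Cert] = [CERT_S, CERT_R, CERT_I]


def strict_order_ok(chain: List[Cert]) -> bool:
    """Verifier that expects chain[i+1] to be the issuer of chain[i].
    This is the ordering TLS requires and is what fails on S R I."""
    return all(chain[i][1] == chain[i + 1][0] for i in range(len(chain) - 1))


def sort_chain(chain: List[Cert]) -> List[Cert]:
    """Reorder by following issuer links from the end-entity cert (chain[0])
    until a self-signed cert, a missing issuer or a loop is reached.
    Certificates that cannot be linked are dropped rather than trusted."""
    by_subject: Dict[str, Cert] = {c[0]: c for c in chain}
    ordered: List[Cert] = [chain[0]]
    seen: Set[str] = {chain[0][0]}
    while True:
        subject, issuer = ordered[-1]
        if issuer == subject:                 # reached a self-signed root
            break
        nxt = by_subject.get(issuer)
        if nxt is None or nxt[0] in seen:     # issuer absent, or a cycle
            break
        ordered.append(nxt)
        seen.add(nxt[0])
    return ordered


def verify(chain: List[Cert], known_cas: Set[str], allow_unsorted: bool) -> bool:
    """Accept only if the (optionally sorted) chain is in issuer order and
    ends in a trusted CA; allow_unsorted mirrors the flag's effect."""
    ordered = sort_chain(chain) if allow_unsorted else list(chain)
    return strict_order_ok(ordered) and ordered[-1][0] in known_cas
```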