Opened at 2012-03-30T13:14:15Z
Closed at 2022-02-21T03:30:57Z
#935 closed defect (fixed)
Cannot connect to jabber.ccc.de with tls_verify = true on Ubuntu 12.04 beta
Reported by: | aoeui | Owned by: |
---|---|---|---
Priority: | normal | Milestone: |
Component: | BitlBee | Version: | 3.0.5
Keywords: | | Cc: |
IRC client+version: | Client-independent | Operating System: | Public server
OS version/distro: | | |
Description
I just updated to Ubuntu 12.04 beta on my server. I am running the latest checkout from bzr, compiled to use GnuTLS. When I try to connect to jabber.ccc.de with tls_verify=true, I get the following error:
jabber5 - Login error: Certificate verification problem 0x44: certificate uses an insecure algorithm
Ubuntu reports that the following gnutls libraries are installed:
ii  libgnutls-dev        2.12.14-5ubuntu2  GNU TLS library - development files
ii  libgnutls-openssl27  2.12.14-5ubuntu2  GNU TLS library - OpenSSL wrapper
ii  libgnutls26          2.12.14-5ubuntu2  GNU TLS library - runtime library
rc  libgnutlsxx26        2.10.5-1ubuntu3   the GNU TLS library - C++ runtime library
ii  libgnutlsxx27        2.12.14-5ubuntu2  GNU TLS library - C++ runtime library
This problem started only after upgrading to 12.04 from 11.10.
Attachments (0)
Change History (15)
comment:1 Changed at 2012-04-02T12:56:27Z by
comment:2 Changed at 2012-04-02T13:51:58Z by
I appear to have the CAcert certs in /etc/ssl/certs/ca-certificates.crt. I never had this issue with 11.10, it started with the update to 12.04. I think this is a new problem.
comment:3 follow-up: 4 Changed at 2012-04-02T14:25:00Z by
The workaround talks about installing all the intermediate certificates for this server, not just the root one. What does
gnutls-cli -p 5223 jabber.ccc.de
give you? If this works under 11.10 and fails under 12.04 then there has been a change in GnuTLS in Ubuntu between these two versions that affects its behavior with respect to MD5. This is what I expect.
comment:4 Changed at 2012-04-02T14:38:17Z by
Replying to AopicieR:
The workaround talks about installing all the intermediate certificates for this server, not just the root one. What does
gnutls-cli -p 5223 jabber.ccc.de
give you? If this works under 11.10 and fails under 12.04 then there has been a change in GnuTLS in Ubuntu between these two versions that affects its behavior with respect to MD5. This is what I expect.
Both 11.10 and 12.04 have the same output from that command:
$ gnutls-cli -p 5223 jabber.ccc.de
Resolving 'jabber.ccc.de'...
Connecting to '217.10.10.194:5223'...
- Ephemeral Diffie-Hellman parameters
 - Using prime: 1024 bits
 - Secret key: 1022 bits
 - Peer's public key: 1024 bits
- Certificate type: X.509
 - Got a certificate list of 3 certificates.
 - Certificate[0] info:
  - subject `C=DE,ST=Hamburg,L=Hamburg,O=Chaos Computer Club e.V.,CN=jabber.ccc.de', issuer `O=CAcert Inc.,OU=http://www.CAcert.org,CN=CAcert Class 3 Root', RSA key 3629 bits, signed using RSA-SHA1, activated `2010-09-28 09:08:42 UTC', expires `2012-09-27 09:08:42 UTC', SHA-1 fingerprint `07d571f65088af51f7014cb2dc297e775b1a2365'
 - Certificate[1] info:
  - subject `O=CAcert Inc.,OU=http://www.CAcert.org,CN=CAcert Class 3 Root', issuer `O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,EMAIL=support@cacert.org', RSA key 4096 bits, signed using RSA-MD5 (broken!), activated `2005-10-14 07:36:55 UTC', expires `2033-03-28 07:36:55 UTC', SHA-1 fingerprint `db4c4269073fe9c2a37d890a5c1b18c4184e2a2d'
 - Certificate[2] info:
  - subject `O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,EMAIL=support@cacert.org', issuer `O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,EMAIL=support@cacert.org', RSA key 4096 bits, signed using RSA-MD5 (broken!), activated `2003-03-30 12:29:49 UTC', expires `2033-03-29 12:29:49 UTC', SHA-1 fingerprint `135cec36f49cb8e93b1ab270cd80884676ce8f33'
- The hostname in the certificate matches 'jabber.ccc.de'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
comment:5 Changed at 2012-04-02T17:04:08Z by
It turns out that the command I've suggested is not the right one to test this. Rather one has to use
gnutls-cli --x509cafile /etc/ssl/certs/cacert.org.pem -p 5223 jabber.ccc.de
This succeeds on 11.10 and fails on 12.04. This means that the workaround I've quoted above is no longer valid with more recent versions of GnuTLS: cacert.org.pem already contains both the root and the intermediate cert, and the server cert is signed by the intermediate cert with SHA1, so verification should succeed according to the quote above.
I don't know why or when exactly this behavior has changed. I don't find anything related in the NEWS file or the changelog.
comment:6 Changed at 2012-04-02T17:43:35Z by
The solution is that jabber.ccc.de is sending some old version of the intermediate certificate which is after all NOT the one shipped with Debian/Ubuntu (although it has the same subject). That's why the workaround does not kick in (which is still in place as one can see by connecting to swissjabber.ch which sends the recent version of the intermediate certificate). Adding the intermediate certificate sent by jabber.ccc.de to the list of trusted CAs by hand should solve your problem.
comment:7 Changed at 2012-04-02T18:08:41Z by
Final observation: this was not caused by a change to GnuTLS but by a change to the ca-certificates package which only ships the new version of the intermediate certificate instead of the old one since 2011-10-25. Now the issue is finally understood.
comment:8 Changed at 2012-04-03T13:29:47Z by
Adding the old jabber.ccc.de intermediate did the trick. Thanks!
comment:9 Changed at 2012-04-03T22:39:59Z by
Resolution: | → notabug |
---|---|
Status: | new → closed |
Not a bug then, thanks for figuring this out guys.
comment:11 Changed at 2012-04-27T07:08:11Z by
Hitting this after Precise release.
Adding the second from "openssl s_client -showcerts -connect jabber.ccc.de:5223" to /etc/ssl/certs/ca-certificates.crt did indeed do the trick.
But this doesn't sound right, since a change in the ca-certificates package will update that file again.
comment:12 Changed at 2012-04-27T11:22:56Z by
There's a solution for that, see README.Debian for ca-certificates:
If you want to install local certificate authorities to be implicitly trusted, please put the certificate files as single files ending with ".crt" into "/usr/local/share/ca-certificates" and re-run "update-ca-certificates".
comment:13 Changed at 2013-03-04T09:47:46Z by
The German solution on http://bestewogibt.de/2013/jabber-ccc-de-und-das-ssl-zertifikat/ worked for me. Ubuntu 12.10, Pidgin 2.10.6 (libpurple 2.10.6):
openssl s_client -connect jabberd.jabber.ccc.de:443
- Copy from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- into a newly created file ~/.purple/certificates/x509/tls_peers/jabber.ccc.de
- Reconnect with Pidgin
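The following script is an added example and is not code from this ticket, from BitlBee or from the linked blog post. It puts the diagnosis of comments 4 to 7 and the fixes of comments 11 to 13 into one place: it fetches the chain the server actually sends, compares every link by SHA-1 fingerprint against the distro bundle, flags links signed with MD5, and can stage a divergent intermediate as a local anchor the way README.Debian for ca-certificates describes. Assumed: the host and port are the ticket's (jabber.ccc.de:5223), the store and anchor paths are Debian/Ubuntu's, and openssl, awk, sudo and update-ca-certificates are installed; all of that is parameterised through environment variables.

```shell
#!/bin/sh
# Added example (not from the ticket or BitlBee): find the chain link the
# server sends that the distro does NOT ship under the same subject, and
# optionally install it as a local trust anchor. Assumes Debian/Ubuntu paths
# and an openssl binary; host/port default to the ticket's server.
set -eu

HOST="${HOST:-jabber.ccc.de}"
PORT="${PORT:-5223}"                                 # direct-TLS XMPP port used in the ticket
STORE="${STORE:-/etc/ssl/certs/ca-certificates.crt}" # bundle ca-certificates regenerates
ANCHORS="${ANCHORS:-/usr/local/share/ca-certificates}"
WORK="${WORK:-$(mktemp -d)}"

# split_bundle FILE DIR: copy each PEM certificate in FILE to DIR/cert-N.pem
# (N from 0, in chain order) and print how many were written. Lines outside
# BEGIN/END, such as s_client chatter, are dropped.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/cert-%d.pem", dir, n); n++ }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# fingerprint FILE: SHA-1 fingerprint (colon form) of the certificate in FILE.
fingerprint() {
    openssl x509 -noout -fingerprint -sha1 -in "$1" | sed 's/^.*=//'
}

# sig_alg FILE: signature algorithm name, e.g. md5WithRSAEncryption.
sig_alg() {
    openssl x509 -noout -text -in "$1" | awk '/Signature Algorithm:/ { print $3; exit }'
}

# store_fingerprints BUNDLE DIR: fingerprint of every certificate in BUNDLE.
store_fingerprints() {
    total=$(split_bundle "$1" "$2")
    k=0
    while [ "$k" -lt "$total" ]; do
        fingerprint "$2/cert-$k.pem"
        k=$((k + 1))
    done
}

# missing_from_store CHAIN_FPS STORE_FPS: print every fingerprint in the first
# newline-separated list that does not occur in the second (pure shell).
missing_from_store() {
    printf '%s\n' "$1" | while IFS= read -r fp; do
        [ -n "$fp" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$fp" || printf '%s\n' "$fp"
    done
}

# diagnose: report each link the server sends. A link whose subject names a CA
# in the store but whose fingerprint is NOT in the store is this ticket's case:
# the distro ships a different certificate under the same subject.
diagnose() {
    mkdir -p "$WORK/chain" "$WORK/store"
    openssl s_client -showcerts -servername "$HOST" -connect "$HOST:$PORT" \
        </dev/null 2>/dev/null > "$WORK/s_client.out"
    n=$(split_bundle "$WORK/s_client.out" "$WORK/chain")
    trusted=$(store_fingerprints "$STORE" "$WORK/store")
    i=0
    while [ "$i" -lt "$n" ]; do
        f="$WORK/chain/cert-$i.pem"
        fp=$(fingerprint "$f")
        alg=$(sig_alg "$f")
        [ -z "$(missing_from_store "$fp" "$trusted")" ] && state="in store" || state="NOT in store"
        case "$alg" in
            md5*) note=" (MD5 signature: GnuTLS 2.7.4+ will not verify through this link)" ;;
            *)    note="" ;;
        esac
        echo "cert[$i] $(openssl x509 -noout -subject -in "$f")"
        echo "        $(openssl x509 -noout -issuer -in "$f")"
        echo "        sigalg=$alg fingerprint=$fp $state$note"
        i=$((i + 1))
    done
}

# install_anchor INDEX: make chain link INDEX a trust anchor that survives
# ca-certificates upgrades (comment:12). Once it is an anchor its own MD5
# signature no longer has to be verified, which is why this works where
# appending the root alone did not. The same cert-INDEX.pem is what the Pidgin
# recipe in comment:13 stores under ~/.purple/certificates/x509/tls_peers/.
install_anchor() {
    sudo cp "$WORK/chain/cert-$1.pem" "$ANCHORS/$HOST-intermediate-$1.crt"
    sudo update-ca-certificates
}

case "${1:-}" in
    diagnose) diagnose ;;
    install)  install_anchor "$2" ;;
    *)        echo "usage: $0 diagnose | install INDEX   (run diagnose first)" >&2 ;;
esac
```

Run `diagnose` first and pin only the one link it reports as "NOT in store" with a subject that is already a CA you trust; pinning the leaf or a root you did not intend to trust widens the trust store. Pinning an MD5-signed intermediate is a client-side workaround, not a fix: the durable fix is on the server, which should send the current intermediate the way comment:6 notes swissjabber.ch does. Use port 5222 with `-starttls xmpp` on `openssl s_client` for servers that do not offer direct TLS on 5223.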
comment:14 Changed at 2022-02-19T10:04:11Z by
Resolution: | notabug |
---|---|
Status: | closed → reopened |
Unable to validate certificate
The certificate for jabber.ccc.de could not be validated. The certificate chain presented is invalid.
Pidgin 2.14.4 (libpurple 2.14.4)
Does anyone have a solution for this? I can't find a certificate file to import, neither at jabber.ccc.de nor via Google; they have had problems for months.
comment:15 Changed at 2022-02-21T03:30:57Z by
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
Uhh, no, that is not what this bug tracker is for.
The problem is that the certificate of jabber.ccc.de is signed by CAcert and apparently they use RSA-MD5 as their signature algorithm, see http://www.cacert.org/certs/root.txt . This algorithm was deprecated in GnuTLS over three years ago (since version 2.7.4).
A potential workaround is mentioned in the NEWS file.