
#935 closed defect (notabug)

Cannot connect to jabber.ccc.de with tls_verify = true on Ubuntu 12.04 beta

Reported by: aoeui
Owned by:
Priority: normal
Milestone:
Component: BitlBee
Version: 3.0.5
Keywords:
Cc:
IRC client+version: Client-independent
Operating System: Public server
OS version/distro:

Description

I just updated to Ubuntu 12.04 beta on my server. I am running the latest checkout from bzr, compiled to use GnuTLS. When I try to connect to jabber.ccc.de with tls_verify=true, I get the following error:

jabber5 - Login error: Certificate verification problem 0x44: certificate uses an insecure algorithm

Ubuntu reports that the following gnutls libraries are installed:

ii  libgnutls-dev                   2.12.14-5ubuntu2                           GNU TLS library - development files
ii  libgnutls-openssl27             2.12.14-5ubuntu2                           GNU TLS library - OpenSSL wrapper
ii  libgnutls26                     2.12.14-5ubuntu2                           GNU TLS library - runtime library
rc  libgnutlsxx26                   2.10.5-1ubuntu3                            the GNU TLS library - C++ runtime library
ii  libgnutlsxx27                   2.12.14-5ubuntu2                           GNU TLS library - C++ runtime library

This problem started only after upgrading to 12.04 from 11.10


Change History (13)

comment:1 Changed at 2012-04-02T12:56:27Z by AopicieR

The problem is that the certificate of jabber.ccc.de is signed by CAcert and apparently they use RSA-MD5 as their signature algorithm, see http://www.cacert.org/certs/root.txt . This algorithm was deprecated in GnuTLS over three years ago (since version 2.7.4).

A potential workaround is mentioned in the NEWS file.

Version 2.7.5 (released 2009-02-06)

libgnutls: Accept chains where intermediary certs are trusted. Before GnuTLS needed to validate the entire chain back to a self-signed certificate. GnuTLS will now stop looking when it has found an intermediary trusted certificate. The new behaviour is useful when chains, for example, contains a top-level CA, an intermediary CA signed using RSA-MD5, and an end-entity certificate. To avoid chain validation errors due to the RSA-MD5 cert, you can explicitly add the intermediary RSA-MD5 cert to your trusted certs. The signature on trusted certificates are not checked, so the chain has a chance to validate correctly. Reported by "Douglas E. Engert" <deengert@…> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

comment:2 Changed at 2012-04-02T13:51:58Z by anonymous

I appear to have the CAcert certs in /etc/ssl/certs/ca-certificates.crt. I never had this issue with 11.10, it started with the update to 12.04. I think this is a new problem.

comment:3 Changed at 2012-04-02T14:25:00Z by AopicieR

The workaround talks about installing all the intermediate certificates for this server, not just the root one. What does

gnutls-cli -p 5223 jabber.ccc.de

give you? If this works under 11.10 and fails under 12.04 then there has been a change in GnuTLS in Ubuntu between these two versions that affects its behavior with respect to MD5. This is what I expect.

comment:4 in reply to:  3 Changed at 2012-04-02T14:38:17Z by aoeui

Replying to AopicieR:

> The workaround talks about installing all the intermediate certificates for this server, not just the root one. What does
>
> gnutls-cli -p 5223 jabber.ccc.de
>
> give you? If this works under 11.10 and fails under 12.04 then there has been a change in GnuTLS in Ubuntu between these two versions that affects its behavior with respect to MD5. This is what I expect.

Both 11.10 and 12.04 have the same output from that command:

$ gnutls-cli -p 5223 jabber.ccc.de
Resolving 'jabber.ccc.de'...
Connecting to '217.10.10.194:5223'...
- Ephemeral Diffie-Hellman parameters
 - Using prime: 1024 bits
 - Secret key: 1022 bits
 - Peer's public key: 1024 bits
- Certificate type: X.509
 - Got a certificate list of 3 certificates.
 - Certificate[0] info:
  - subject `C=DE,ST=Hamburg,L=Hamburg,O=Chaos Computer Club e.V.,CN=jabber.ccc.de', issuer `O=CAcert Inc.,OU=http://www.CAcert.org,CN=CAcert Class 3 Root', RSA key 3629 bits, signed using RSA-SHA1, activated `2010-09-28 09:08:42 UTC', expires `2012-09-27 09:08:42 UTC', SHA-1 fingerprint `07d571f65088af51f7014cb2dc297e775b1a2365'
 - Certificate[1] info:
  - subject `O=CAcert Inc.,OU=http://www.CAcert.org,CN=CAcert Class 3 Root', issuer `O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,EMAIL=support@cacert.org', RSA key 4096 bits, signed using RSA-MD5 (broken!), activated `2005-10-14 07:36:55 UTC', expires `2033-03-28 07:36:55 UTC', SHA-1 fingerprint `db4c4269073fe9c2a37d890a5c1b18c4184e2a2d'
 - Certificate[2] info:
  - subject `O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,EMAIL=support@cacert.org', issuer `O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,EMAIL=support@cacert.org', RSA key 4096 bits, signed using RSA-MD5 (broken!), activated `2003-03-30 12:29:49 UTC', expires `2033-03-29 12:29:49 UTC', SHA-1 fingerprint `135cec36f49cb8e93b1ab270cd80884676ce8f33'
- The hostname in the certificate matches 'jabber.ccc.de'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

comment:5 Changed at 2012-04-02T17:04:08Z by AopicieR

It turns out that the command I've suggested is not the right one to test this. Rather one has to use

gnutls-cli --x509cafile /etc/ssl/certs/cacert.org.pem -p 5223 jabber.ccc.de

This succeeds on 11.10 and fails on 12.04. This means that the workaround I've quoted above is not valid with more recent versions of GnuTLS anymore: cacert.org.pem does already contain both the root and the intermediate cert and the server cert is signed by the intermediate cert with SHA1, so that verification should succeed according to the quote above.

I don't know why or when exactly this behavior has changed. I don't find anything related in the NEWS file or the changelog.

comment:6 Changed at 2012-04-02T17:43:35Z by AopicieR

The solution is that jabber.ccc.de is sending some old version of the intermediate certificate which is after all NOT the one shipped with Debian/Ubuntu (although it has the same subject). That's why the workaround does not kick in (which is still in place as one can see by connecting to swissjabber.ch which sends the recent version of the intermediate certificate). Adding the intermediate certificate sent by jabber.ccc.de to the list of trusted CAs by hand should solve your problem.

comment:7 Changed at 2012-04-02T18:08:41Z by AopicieR

Final observation: this was not caused by a change to GnuTLS but by a change to the ca-certificates package which only ships the new version of the intermediate certificate instead of the old one since 2011-10-25. Now the issue is finally understood.
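A simplified model of the chain check described in the NEWS entry and in comments 5 to 7, added here as an illustration; it is not GnuTLS code and not from the ticket. Certificates are reduced to subject, issuer, signature algorithm and SHA-1 fingerprint (values from comment 4); `NEW_CLASS3` is a constructed stand-in for the re-issued intermediate, whose fingerprint is not on the page.

```python
from dataclasses import dataclass

INSECURE_SIG_ALGS = {"RSA-MD5"}  # marked "(broken!)" in the gnutls-cli output

@dataclass(frozen=True)
class Cert:
    subject: str   # CN only, abbreviated from the ticket
    issuer: str
    sig_alg: str
    sha1: str      # fingerprint: identifies one exact certificate

def verify_chain(chain, trusted):
    """Simplified model: stop at the first sent cert that is itself trusted."""
    trusted_fps = {c.sha1 for c in trusted}
    path = []
    for cert in chain:
        if cert.sha1 in trusted_fps:      # exact match, not a subject match
            break                         # its own signature is never checked
        if cert.subject != cert.issuer:   # self-signed cert from the peer adds nothing
            path.append(cert)
    if not path:
        return "ok"
    if path[-1].issuer not in {c.subject for c in trusted}:
        return "issuer unknown"
    if any(c.sig_alg in INSECURE_SIG_ALGS for c in path):
        return "insecure algorithm"
    return "ok"

ROOT_CN, CLASS3_CN = "CA Cert Signing Authority", "CAcert Class 3 Root"
# Fingerprints and algorithms below are copied from the gnutls-cli output in comment 4.
SERVER = Cert("jabber.ccc.de", CLASS3_CN, "RSA-SHA1",
              "07d571f65088af51f7014cb2dc297e775b1a2365")
OLD_CLASS3 = Cert(CLASS3_CN, ROOT_CN, "RSA-MD5",
                  "db4c4269073fe9c2a37d890a5c1b18c4184e2a2d")
ROOT = Cert(ROOT_CN, ROOT_CN, "RSA-MD5",
            "135cec36f49cb8e93b1ab270cd80884676ce8f33")
# Constructed stand-in: same subject as OLD_CLASS3, different (placeholder) fingerprint.
NEW_CLASS3 = Cert(CLASS3_CN, ROOT_CN, "not-checked", "0" * 40)
SENT_BY_SERVER = [SERVER, OLD_CLASS3, ROOT]

def scenarios():
    return {
        "no CA file": verify_chain(SENT_BY_SERVER, []),
        "store with new intermediate only": verify_chain(SENT_BY_SERVER, [ROOT, NEW_CLASS3]),
        "old intermediate added by hand": verify_chain(SENT_BY_SERVER, [ROOT, NEW_CLASS3, OLD_CLASS3]),
        "server sends new intermediate": verify_chain([SERVER, NEW_CLASS3, ROOT], [ROOT, NEW_CLASS3]),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```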

comment:8 Changed at 2012-04-03T13:29:47Z by aoeui

Adding the old jabber.ccc.de intermediate did the trick. Thanks!

comment:9 Changed at 2012-04-03T22:39:59Z by wilmer

Resolution: notabug
Status: new → closed

Not a bug then, thanks for figuring this out guys.

comment:10 Changed at 2012-04-04T12:15:24Z by ilf@…

still subscribing, just in case

comment:11 Changed at 2012-04-27T07:08:11Z by ilf@…

Hitting this after Precise release.

Adding the second from "openssl s_client -showcerts -connect jabber.ccc.de:5223" to /etc/ssl/certs/ca-certificates.crt did indeed do the trick.

But this doesn't sound right, since a change in the ca-certificates package will update that file again.

comment:12 Changed at 2012-04-27T11:22:56Z by wilmer

There's a solution for that, see README.Debian for ca-certificates:

If you want to install local certificate authorities to be implicitly trusted, please put the certificate files as single files ending with ".crt" into "/usr/local/share/ca-certificates" and re-run "update-ca-certificates".
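The steps from comments 11 and 12 as an added example (not code from the ticket or from ca-certificates): it pulls one certificate out of saved `openssl s_client -showcerts` output, checks its SHA-1 fingerprint against a value you supply (for instance the one gnutls-cli printed for Certificate[1] in comment 4), and only then writes it as a `.crt` file. The function names, `SAMPLE` and the payloads inside it are constructed for illustration.

```python
import base64
import hashlib
import re
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def pem_blocks(s_client_output):
    """Return (pem_text, sha1_hex) for each certificate, in the order sent."""
    found = []
    for m in PEM_RE.finditer(s_client_output):
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        found.append((m.group(0) + "\n", hashlib.sha1(der).hexdigest()))
    return found

def install_local_ca(s_client_output, index, expected_sha1, dest_dir, name):
    """Write certificate number `index` as <name>.crt if its fingerprint matches."""
    blocks = pem_blocks(s_client_output)
    if index >= len(blocks):
        raise ValueError(f"server sent only {len(blocks)} certificate(s)")
    pem, sha1 = blocks[index]
    if sha1 != expected_sha1.lower().replace(":", ""):
        raise ValueError(f"fingerprint mismatch: got {sha1}")
    target = Path(dest_dir) / f"{name}.crt"
    target.write_text(pem)
    return target

def fake_pem(payload):
    """Wrap arbitrary bytes in PEM armour (constructed test data, not a real cert)."""
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed stand-in for `openssl s_client -showcerts` output.
SAMPLE = (" 0 s:CN=jabber.ccc.de\n" + fake_pem(b"leaf" * 20) +
          " 1 s:CN=CAcert Class 3 Root\n" + fake_pem(b"intermediate" * 20))

if __name__ == "__main__":
    for i, (_, fingerprint) in enumerate(pem_blocks(SAMPLE)):
        print(f"certificate {i}: SHA-1 {fingerprint}")
```

Point `dest_dir` at /usr/local/share/ca-certificates and re-run update-ca-certificates afterwards, as the README.Debian excerpt above describes.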

comment:13 Changed at 2013-03-04T09:47:46Z by klingel

German solution on http://bestewogibt.de/2013/jabber-ccc-de-und-das-ssl-zertifikat/ worked for me. Ub12.10, Pidgin 2.10.6 (libpurple 2.10.6):

  1. openssl s_client -connect jabberd.jabber.ccc.de:443
  2. Copy from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- in newly created file ~/.purple/certificates/x509/tls_peers/jabber.ccc.de
  3. reconnect with pidgin
