[Bug 1565293] Re: OpenSSL 1.0.1 fails to recognize cross-signed roots as trusted

Niklas Keller 1565293 at bugs.launchpad.net
Sat Apr 2 22:42:24 UTC 2016 

We originally encountered that issue on Travis. After I couldn't
reproduce it locally on my 15.10 machine, I downloaded Ubuntu Server
14.04 and could verify it in a VM. Seems like I forgot to install the
latest updates, verified it's fixed in the latest version.

I'll notify the Travis team, so they can update their images.

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1565293

Title:
  OpenSSL 1.0.1 fails to recognize cross-signed roots as trusted

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  Google has it's own certificate authority "Google Internet Authority
  G2", which is signed by "GeoTrust Global CA". GeoTrust's certificate
  is already in the trust stores, but it's cross-signed by an older root
  named "Equifax Secure Certificate Authority".

  The Equifax uses a 1024 bit private key and has therefore been removed
  by Mozilla in their library (NSS), see
  https://bugzilla.mozilla.org/show_bug.cgi?id=1156844.

  Issuance from 1024 bit roots has been stopped in 2010 or 2011 IIRC and
  1024 bit keys are no longer safe enough, so the root has been excluded
  from their root program. However, Ubuntu 12.04 and 14.04 do still ship
  with that root in their trust store.

  A bug in the currently default OpenSSL 1.0.1f (at least in 14.04)
  causes OpenSSL to error if that root is missing, even if the previous
  root certificate "GeoTrust Global CA" is already in the root and
  therefore trusted. It seems like it doesn't stop on the first trusted
  certificate but instead requires a complete chain, so requires the
  "Equifax Secure Certificate Authority" to be in the trust store. That
  behavior is fixed in OpenSSL 1.0.2.

  All 1024 bit roots should be removed from the default trust stores as
  soon as possible. For this to work, the OpenSSL bug has to be
  backported first.

  If this is not going to be fixed, at least in 2018, we'll have an
  issue, because that's the date where "Equifax Secure Certificate
  Authority" will expire. If Google and various other sites will not
  change their root to be non-cross-signed, many connections will break
  and fail.

  Domains I know to use old cross-signed certificates: google.com,
  yahoo.com. I didn't do any scans, those were just the first two I
  tried.

  The following will happen on Aug 22 2018 without a fix:

  kelunik at example:~$ faketime '2018-08-23 00:00:00' openssl s_client -quiet -verify_return_error -connect google.com:443 -CApath /usr/lib/ssl/certs
  depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
  verify error:num=10:certificate has expired
  notAfter=Aug 22 16:41:51 2018 GMT
  verify return:0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1565293/+subscriptions

More information about the foundations-bugs mailing list