After upgrading to new dev-libs/openssl-0.9.8l-r1 https connections stopped working in wget/curl and possibly others. Previous version dev-libs/openssl-0.9.8l works fine. Reproducible: Always Steps to Reproduce: 1. curl https://mail.google.com 2. wget https://mail.google.com 3. echo -n | openssl s_client -CApath /etc/ssl/certs/ -connect mail.google.com:443 > /dev/null Actual Results: $ curl https://mail.google.com curl: (35) error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm $ wget https://mail.google.com --2009-11-25 20:06:39-- https://mail.google.com/ Resolving mail.google.com (mail.google.com)... 74.125.87.17, 74.125.87.18, 74.125.87.19, ... Connecting to mail.google.com (mail.google.com)|74.125.87.17|:443... connected. ERROR: cannot verify mail.google.com's certificate, issued by `/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA': certificate signature failure To connect to mail.google.com insecurely, use `--no-check-certificate'. $ echo -n | openssl s_client -CApath /etc/ssl/certs/ -connect mail.google.com:443 > /dev/null depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify error:num=7:certificate signature failure verify return:0 DONE Expected Results: $ curl https://mail.google.com <html><head><meta http-equiv="Refresh" content="0;URL=https://mail.google.com/mail/" /></head><body><script type="text/javascript" language="javascript"><!-- location.replace("https://mail.google.com/mail/") --></script></body></html> $ wget https://mail.google.com --2009-11-25 20:08:14-- https://mail.google.com/ Resolving mail.google.com (mail.google.com)... 74.125.87.83, 74.125.87.17, 74.125.87.18, ... Connecting to mail.google.com (mail.google.com)|74.125.87.83|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 234 [text/html] Saving to: `index.html' 0K 100% 4.32M=0s 2009-11-25 20:08:14 (4.32 MB/s) - `index.html' saved [234/234] $ echo -n | openssl s_client -CApath /etc/ssl/certs/ -connect mail.google.com:443 > /dev/null depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify return:1 depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com verify return:1 DONE [ebuild R ] dev-libs/openssl-0.9.8l-r1 USE="(sse2) zlib -bindist -gmp -kerberos -test" 0 kB [ebuild R ] net-misc/wget-1.12 USE="idn nls ssl -debug -ipv6 -ntlm -static" 0 kB [ebuild R ] net-misc/curl-7.19.6 USE="idn ldap ssl -ares -gnutls -ipv6 -kerberos -libssh2 -nss -test" 0 kB
I also get similar errors. dev-libs/openssl-0.9.8l-r1 app-misc/ca-certificates-20090709 /etc/ssl/certs $ openssl verify $(ls Ver*) VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem: OK Verisign_Class_1_Public_Primary_Certification_Authority.pem: /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority error 7 at 0 depth lookup:certificate signature failure 14855:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146: Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem: OK Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: OK Verisign_Class_2_Public_Primary_Certification_Authority.pem: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority error 7 at 0 depth lookup:certificate signature failure 14855:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146: Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem: OK Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: OK Verisign_Class_3_Public_Primary_Certification_Authority.pem: /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority error 7 at 0 depth lookup:certificate signature failure 14855:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146: Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem: OK Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem: OK Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem: OK Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pem: OK Verisign_RSA_Secure_Server_CA.pem: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority error 7 at 0 depth lookup:certificate signature failure 14855:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146: Verisign_Time_Stamping_Authority_CA.pem: OK
this seems to be caused by disabling of the MD2 digest function. which is to say any certs that rely on MD2 are expected to be broken.
This bug is caused by the fact that OpenSSL verifies the self-signature of the VeriSign root certificate. This signature uses MD2, all other certificates in the chain (Thawte and google.com) use SHA-1. This set of patches disables the checking of trusted root certificates (which does not impact the trust chain negatively), which should solve this bug: http://cvs.openssl.org/chngview?cn=18260 http://cvs.openssl.org/chngview?cn=18317 From the CHANGES entry it appears the commits have made it into 0.9.8l, but 0.9.8l was "renamed" 0.9.8m and "l" was just "k" plus the CVE-2009-3555 (re-negotiation) patch.
i saw that half, but didnt think it relevant. didnt realize that the root certs were self-signing with MD2. at any rate, ive added that to cvs and bumped it to stable with 0.9.8l-r2. thanks for the research.
