View Issue Details

ID: 0001035
Project: Main CAcert Website
Category: certificate issuing
View Status: public
Last Update: 2014-04-15 22:10
Reporter: laforge
Assigned To: (none)
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Default
OS: any
OS Version: any
Fixed in Version: 2014 Q1
Summary: 0001035: CN gets deleted from subjectAltName on cert renewal
Description: When renewing certificates that had a given DNS name specified in both the CN and one of the SubjectAltNames, CAcert now suddenly removes the CN from the list of SubjectAltNames.

This is, I believe, in violation of RFC2818, and the Mozilla developers tend to agree with that position, as you can see from https://bugzilla.mozilla.org/show_bug.cgi?id=369112

In effect it means that my renewed certificates cause certificate verification to fail on the primary host name present in the CN, as at least some web browsers (legitimately!) ignore the CN as soon as SubjectAltNames are present.
Steps To Reproduce: Use an old CSR that is already in the CAcert system, which has e.g. the following configuration:

CN: lists.gnumonks.org
subjectAltName: lists.gnumonks.org
subjectAltName: lists.osmocom.org
subjectAltName: lists.gpl-violations.org

Then renew that certificate, and you will get:

CN: lists.gnumonks.org
subjectAltName: lists.osmocom.org
subjectAltName: lists.gpl-violations.org

And Mozilla/NSS based browsers will tell you that the certificate is invalid, as they read RFC2818 as actually requiring them to ignore the CN if subjectAltNames are present.
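As an added illustration (not part of the report, and not CAcert code), the check below applies the RFC 2818 rule the reporter describes: when a subjectAltName extension is present, only its dNSName entries are consulted and the subject CN is ignored. It is fed the before/after name lists from the steps above and reports which host names stop verifying after renewal. The single-leftmost-label wildcard handling is an assumption of the example, not something the report discusses.

```python
"""Apply RFC 2818 host-name matching (SAN present => CN ignored) to the
before/after certificate identities from this bug report.

Added example for this report; not CAcert code. The two identities below
are constructed from the report's "Steps To Reproduce".
"""
from dataclasses import dataclass, field


@dataclass
class CertIdentity:
    cn: str
    san_dns: list = field(default_factory=list)


def _label_match(pattern: str, host: str) -> bool:
    # Case-insensitive exact match; a single leftmost "*" label may stand in
    # for exactly one host label (assumed browser wildcard rule).
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        h_parts = host.split(".", 1)
        return len(h_parts) == 2 and h_parts[1] == pattern[2:]
    return False


def names_considered(cert: CertIdentity) -> list:
    """RFC 2818 section 3.1: use the SAN dNSName entries if any exist,
    otherwise fall back to the (deprecated) Common Name."""
    return list(cert.san_dns) if cert.san_dns else [cert.cn]


def hostname_matches(cert: CertIdentity, host: str) -> bool:
    return any(_label_match(p, host) for p in names_considered(cert))


def cn_missing_from_san(cert: CertIdentity) -> bool:
    """The renewal defect this report describes: a SAN is present but no
    longer covers the CN, so the primary host name silently stops verifying."""
    return bool(cert.san_dns) and not hostname_matches(cert, cert.cn)


def renewal_regressions(before: CertIdentity, after: CertIdentity) -> list:
    """Concrete host names the original cert verified for but the renewed
    one does not."""
    candidates = {n for n in names_considered(before) if not n.startswith("*")}
    candidates.add(before.cn)
    return sorted(h for h in candidates
                  if hostname_matches(before, h) and not hostname_matches(after, h))


# Constructed from the report: the original cert repeats the CN in the SAN ...
ORIGINAL = CertIdentity(
    cn="lists.gnumonks.org",
    san_dns=["lists.gnumonks.org", "lists.osmocom.org", "lists.gpl-violations.org"],
)
# ... and the renewed one has dropped it.
RENEWED = CertIdentity(
    cn="lists.gnumonks.org",
    san_dns=["lists.osmocom.org", "lists.gpl-violations.org"],
)

if __name__ == "__main__":
    for label, cert in (("original", ORIGINAL), ("renewed", RENEWED)):
        print(f"{label}: CN missing from SAN = {cn_missing_from_san(cert)}")
    print("host names that stop verifying:", renewal_regressions(ORIGINAL, RENEWED))
```

Running it reports that only `lists.gnumonks.org` regresses, which is exactly the "primary host name present in the CN" failure the description complains about; the other two SAN entries keep verifying.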
Tags: No tags attached.
Reviewed by: (none)
Test Instructions: (none)

Relationships

duplicate of 0000440 (closed, NEOatNHNG): Problem with subjectAltName
related to 0000768 (closed): CAcert adds CommonName to SubjectAltName, although it's already there
related to 0000530 (closed): XMPP extension not present after renewal
related to 0000799 (new): Repeated CN in SAN in original CSR and produced in 1st received CRT is removed when CRT is renewed
has duplicate 0001214 (closed, NEOatNHNG): Extended validity certificates don't have the same Subject Alt Name as newly created certificates
related to 0001054 (needs review & testing, Ted): Review the code regarding the new point calculation in ./includes/general.php
related to 0001101 (needs work, TimoAHummel): general rewrite of get info from csr routine in includes/general.php

Activities

mutax

2012-05-01 14:32

reporter   ~0002976

Hi,

as you can see by the related bugs I attached this has a loooong history.

If you look at the code there also seems to be a 'special codepath' for some specific user account. Which scares me.

I just create new CSRs each time I need a renewal. For years now.

NEOatNHNG

2012-05-01 14:39

administrator   ~0002977

I think this is a duplicate of 0000440 which has a fix that still needs some testing. You are welcome to help out there.

If you think this case is different please explain in more detail why it is, otherwise please close this bug report.

laforge

2012-05-01 14:44

reporter   ~0002978

As far as I can tell, bug 440 describes the exact opposite problem:

"... but as you can see, www.fbunet.de now appears twice as a DNS record. Looks like the CN is taken and put into subjectAltName additionally (which makes no sense, as it's already there)."

So the reporter of bug 440 claims that his DNS record from CN is copied into subjectAltName _additionally_. My bug report is about an existing subjectAltName being _removed_ from the certificate upon renewal.

NEOatNHNG

2012-05-01 14:48

administrator   ~0002979

Um, yes. The description is the opposite but the solution is the same: unify the CN/SubjectAlternativeName handling for initial issuing and renewal. So please test on our test server https://cacert1.it-sls.de whether there your problem is solved and please report your findings.

laforge

2012-05-01 15:11

reporter   ~0002980

It seems the test system doesn't have the real CSRs installed (probably for good reasons). As a result, I'm not sure how I can test the specific bug I am encountering, as it occurs when renewing certificates.

Is there a way I can "go back in time" with the test system, submit a CSR, have it issue a certificate, then fast-forward time and renew the certificate for that old CSR? I would be happy to do it.

NEOatNHNG

2012-05-01 15:17

administrator   ~0002981

No, you can't go back in time, but the certificates expire much faster on the test server (3-30 days depending on your assurance status at the test server). So you can submit a CSR identical or equivalent to the one you used some time ago on the live system and then renew that one.

Additional hint: To read mail sent to the test server account and do some other stuff not possible within the test server itself, login to https://ca-mgr1.it-sls.de with the same credentials you created the test server account with.

mutax

2012-05-01 15:22

reporter   ~0002982

At least on the live system I can renew all my certs at any given time.

macfreek

2012-05-01 15:23

reporter   ~0002983

Last edited: 2012-05-01 15:27

The problem is the same (inconsistent behaviour between first issue and renewal), the proposed solution by the reporters is different: either use the first-issue as standard, or use the renewal as standard.

I think that the bug submitter is correct that the subjectAltName should contain the domain as present in the CN, since the CN should be ignored if a subjectAltName is present.

Edit: I recommend that the bug reporter comment on 0000440 to explain. I know of the guidelines to handle X509 in email (RFC 5750), if you know of such a reference for X509 as webcertificates, that would be great.

@NEOatNHNG: I'm happy to test, but the test server is a chore. I created an account (with the 5 obligatory insecurity questions, sigh), but the test server does not send out emails. I did find the place (https://ca-mgr1.it-sls.de/mail) where I could read the confirmation mail for my mail address. However, to add an account, I also need to confirm an email, and those mails don't show up there. Without an email, no domain, and without a domain, my CSR is rejected. Hence, I can't test. If you can point me to a page on wiki.cacert.org with a clear step-by-step guide on how to use the test server and find the emails, I'm willing to test. Given that this web-email interface is very slow, I find this cumbersome at best.

NEOatNHNG

2012-05-01 16:07

administrator   ~0002984

Last edited: 2012-05-01 16:08

@macfreek:

Documentation: https://wiki.cacert.org/Software/Assessment/TestserverManagementSystem and https://wiki.cacert.org/Software/CurrentTest; by no means complete, feel free to add.

Email being slow: yes, initially the email interface was just a hack to get us started. Now there are so many mails in the same inbox being processed and filtered, that it takes a long time to load. We have to either put some intelligence in to only load the mails received in the last 30 days by default with the possibility to load all after clicking a button for example or truncate the inbox file regularly.

Email not being displayed: what do you mean here? You want to add a domain or additional email address? At least for email addresses I just tried it:
1) Add the email address in the account
2) Login on ca-mgr with the _primary_ email address credentials (the ones you created the account with unless you changed that)
3) Wait a long time for the mail page to load ;-)
4) Scroll all to the bottom and find the confirmation mail (yes, the sorting order is also suboptimal, did I mention it was a hack?)

macfreek

2012-05-01 19:11

reporter   ~0002985

@NEOatNHNG: thanks, it works. I never added an email address to the account, but straight away tried to add a domain. To verify that domain, an email was supposedly sent by the test system, but to an email address _not associated with my account_. For that reason, the email was never shown in the web interface. I just added that email address to my test account, and now the domain verification email did show up (even the original email from earlier today). Either I did not wait long enough, or it apparently is essential to first add an email address before adding a domain. Yes, it feels nice and hackery, but hey - it works now. I'll make a few test certificates and report back in 0000440.

laforge

2012-06-09 13:42

reporter   ~0003058

Forgive me for being blunt, but is there anything keeping this issue from being fixed? It seems like a pretty simple thing to do, as it is a regression to previous behaviour and in violation of the specification.

A number of my certificates have meanwhile expired now, as I am unable to renew them due to this bug. Users are starting to complain about that fact, and I'm seriously annoyed enough to consider moving away from CAcert and back to running my own CA for *.{openmoko,osmocom,gpl-violations}.org and other projects :/

Uli60

2012-09-21 22:00

updater   ~0003214

from certs test under other bugs 1054 and 440

1054.3.6 part V

client certs variation
renewal of cert

1. Valid certs.test@w.d 115C Not Revoked 2012-10-20 21:04:00

Now renewing the following certificates:
Certificate for 'certs.test@w.d' has been renewed.
Click here to install your certificate.

(next page) x1)
Install your certificate
Install the certificate into your browser

new cert
Valid certs.test@w.d 1164 Not Revoked 2012-10-21 21:26:44

(next cert after Serial Number: 4449 (0x1161) -> 1164)

cert serno 115c no longer in list

view all certs, 115c listed:
Valid certs.test@w.d 115C Not Revoked 2012-10-20 21:04:00


cert serno 1164 details:
not yet visible in FF cert store
ok, retrying to save new key in FF cert store

Install the certificate into your browser
https://cacert1.it-sls.de/account.php?id=6&cert=259099&install
result: cert stored in cert store ... (or similar msg)

now cert is visible in FF cert store

Serno: 11:64
valid from/to: 21.09.2012 23:26:44 / 21.10.2012 23:26:44
owner:
E = certs.test@w.d
CN = CAcert WoT User
-> ok

cert-alternate-name
Nicht kritisch
E-Mail-Adresse: certs.test@w.d
-> ok


2. renew key
-------------------------------------------------------------
Valid certs.test@w.d 1161 Not Revoked 2012-10-21 13:02:39

Name: Certs Sub Test -> ok
Valid from/to: 21.09.2012 15:02:39 / 21.10.2012 15:02:39 -> ok
owner:
E = bug1054.3.6.3.user2@w.d
E = bug1054.3.6.3.user1@w.d
E = certs.test@w.d
CN = Certs Sub Test
-------------------------------------------------------------

Now renewing the following certificates:
Certificate for 'certs.test@w.d' has been renewed.
Click here to install your certificate.
https://cacert1.it-sls.de/account.php?id=6&cert=259100

x1)

link opens new window/tab ...
-> problem

Install your certificate
Install the certificate into your browser
https://cacert1.it-sls.de/account.php?id=6&cert=259100&install

cert saved to cert store

new cert in list:
     Valid certs.test@w.d 1165 Not Revoked 2012-10-21 21:41:56

prev cert not in main list
view all certs (cert still there)
Valid certs.test@w.d 1161 Not Revoked 2012-10-21 13:02:39


cert 1165 details
serno: 11:65
valid from/to: 21.09.2012 23:41:56 / 21.10.2012 23:41:56 -> ok
owner:
E = bug1054.3.6.3.user2@w.d
E = bug1054.3.6.3.user1@w.d
E = certs.test@w.d
CN = Certs Sub Test
-> ok

extended keyusage -> ok

cert-alternate-name:
Nicht kritisch
E-Mail-Adresse: certs.test@w.d
E-Mail-Adresse: bug1054.3.6.3.user1@w.d
E-Mail-Adresse: bug1054.3.6.3.user2@w.d
-> ok

=> all ok except problem of https://bugs.cacert.org/view.php?id=1017
   routine



x1)
runs into fix https://bugs.cacert.org/view.php?id=1017
/account.php?id=6 list 3 options
a. Install the certificate into your browser
b. Download the certificate in PEM format
c. Download the certificate in DER format
using a. with FF

see also https://bugs.cacert.org/view.php?id=1054#c3212
see also https://bugs.cacert.org/view.php?id=440#c3213

Uli60

2012-09-21 22:26

updater   ~0003217

1054.3.6 part VI

server certs variation
renewal of cert

1. Valid test1.avintec.com 115F Not Revoked 2012-10-21 12:19:20

details original cert
openssl x509 -text -in test1-avintec-com-1024-signed-c1.key -noout
....................................................................
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4447 (0x115f)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Root
        Validity
            Not Before: Sep 21 12:19:20 2012 GMT
            Not After : Oct 21 12:19:20 2012 GMT
        Subject: CN=test1.avintec.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
[...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/

            X509v3 CRL Distribution Points:
                URI:http://crl.cacert.org/revoke.crl

            X509v3 Subject Alternative Name:
                DNS:test1.avintec.com, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
....................................................................
=> ok


starting renewal:
Now renewing the following certificates:
Processing request 302035:
Renewing: test1.avintec.com

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

content saved to test1-renewal-115f-signed-c1.key

new key after renewal:
Valid test1.avintec.com 1166 Not Revoked 2012-10-21 22:06:42

old key 115f not visible in main server certs list
view all certs (shows in the list)
     Valid test1.avintec.com 115F Not Revoked 2012-10-21 12:19:20

details of server cert 0001166

openssl x509 -text -in test1-renewal-115f-signed-c1.key -noout
.................................................................
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4454 (0x1166)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Root
        Validity
            Not Before: Sep 21 22:06:42 2012 GMT
            Not After : Oct 21 22:06:42 2012 GMT
        Subject: CN=test1.avintec.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
[...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/

            X509v3 CRL Distribution Points:
                URI:http://crl.cacert.org/revoke.crl

            X509v3 Subject Alternative Name:
                DNS:test1.avintec.com, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
[...]
.................................................................
=> ok


2. Valid test1.avintec.com 1163 Not Revoked 2012-10-21 14:41:43
details original cert
openssl x509 -text -in test2-avintec-com-2048-signed-c1.key -noout
.......................................................................
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4451 (0x1163)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Root
        Validity
            Not Before: Sep 21 14:41:43 2012 GMT
            Not After : Oct 21 14:41:43 2012 GMT
        Subject: CN=test1.avintec.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
[...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/

            X509v3 CRL Distribution Points:
                URI:http://crl.cacert.org/revoke.crl

            X509v3 Subject Alternative Name:
                DNS:test1.avintec.com, othername:<unsupported>, DNS:mail.avintec.com, othername:<unsupported>, DNS:www.avintec.com, othername:<unsupported>, DNS:www.fra.avintec.com, othername:<unsupported>, DNS:mx.avintec.com, othername:<unsupported>, DNS:support.avintec.com, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
.......................................................................
=> ok

starting renewal:
Now renewing the following certificates:
Processing request 302038:
Renewing: test1.avintec.com

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

content saved to test2-renewal-1163-signed-c1.key

new key after renewal:
     Valid test1.avintec.com 1167 Not Revoked 2012-10-21 22:17:20

old key 1163 not visible in main server certs list
view all certs (shows in the list)
     Valid test1.avintec.com 1163 Not Revoked 2012-10-21 14:41:43


details of server cert 0001166
openssl x509 -text -in test2-renewal-1163-signed-c1.key -noout
.................................................................
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4455 (0x1167)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Root
        Validity
            Not Before: Sep 21 22:17:20 2012 GMT
            Not After : Oct 21 22:17:20 2012 GMT
        Subject: CN=test1.avintec.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
[...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/

            X509v3 CRL Distribution Points:
                URI:http://crl.cacert.org/revoke.crl

            X509v3 Subject Alternative Name:
                DNS:test1.avintec.com, othername:<unsupported>, DNS:mail.avintec.com, othername:<unsupported>, DNS:www.avintec.com, othername:<unsupported>, DNS:www.fra.avintec.com, othername:<unsupported>, DNS:mx.avintec.com, othername:<unsupported>, DNS:support.avintec.com, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
[...]
.................................................................
=> ok


=> all ok


see also https://bugs.cacert.org/view.php?id=440#c3216
see also https://bugs.cacert.org/view.php?id=1054#c3215
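The test notes above compare the `openssl x509 -text -noout` dumps of an original and a renewed certificate by eye. The following added example (not CAcert or OpenSSL code, and not part of the test report) automates that comparison: it parses the text dump for the serial, subject CN, validity and SAN dNSName entries, skipping the `othername:<unsupported>` entries, and reports whether the renewed certificate still lists its own CN in the SAN. Both dumps below are constructed, abbreviated samples in the layout of the dumps above; the "buggy renewal" one is invented to exhibit the defect the report describes and its serial is a placeholder, not an observed value.

```python
"""Parse `openssl x509 -text -noout` output and compare an original
certificate with its renewal. Added example, not CAcert or OpenSSL code;
the dumps below are constructed samples."""
import re
from dataclasses import dataclass, field


@dataclass
class CertSummary:
    serial_hex: str
    cn: str
    san_dns: list = field(default_factory=list)
    not_before: str = ""
    not_after: str = ""


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip())


def parse_openssl_text(text: str) -> CertSummary:
    """Extract serial, subject CN, validity and SAN dNSName entries.
    otherName entries (printed as othername:<unsupported>) are ignored."""
    summary = CertSummary("", "")
    lines = text.splitlines()
    for i, line in enumerate(lines):
        s = line.strip()
        if s.startswith("Serial Number:"):
            m = re.search(r"\(0x([0-9a-fA-F]+)\)", s)
            summary.serial_hex = m.group(1).lower() if m else ""
        elif s.startswith("Subject:"):
            m = re.search(r"(?:^|[,/])\s*CN\s*=\s*([^,/]+)", s.split(":", 1)[1])
            summary.cn = m.group(1).strip() if m else ""
        elif s.startswith("Not Before:"):
            summary.not_before = s.split(":", 1)[1].strip()
        elif s.startswith("Not After"):
            summary.not_after = s.split(":", 1)[1].strip()
        elif s == "X509v3 Subject Alternative Name:":
            # The GeneralNames list follows on more deeply indented line(s)
            # and ends at the next line indented no deeper than the header.
            body = []
            for nxt in lines[i + 1:]:
                if nxt.strip() and _indent(nxt) <= _indent(line):
                    break
                body.append(nxt.strip())
            for entry in ",".join(body).split(","):
                entry = entry.strip()
                if entry.startswith("DNS:"):
                    summary.san_dns.append(entry[4:].strip())
    return summary


def renewal_report(original: CertSummary, renewed: CertSummary) -> dict:
    """Differences between the two certs, plus whether each one lists its
    own CN in the SAN (the point at issue in this report)."""
    return {
        "same_cn": original.cn == renewed.cn,
        "san_dropped": sorted(set(original.san_dns) - set(renewed.san_dns)),
        "san_added": sorted(set(renewed.san_dns) - set(original.san_dns)),
        "cn_in_san_before": original.cn in original.san_dns,
        "cn_in_san_after": renewed.cn in renewed.san_dns,
    }


# Constructed, abbreviated dump in the layout of the test notes above.
ORIGINAL_TEXT = """\
Certificate:
    Data:
        Serial Number: 4451 (0x1163)
        Validity
            Not Before: Sep 21 14:41:43 2012 GMT
            Not After : Oct 21 14:41:43 2012 GMT
        Subject: CN=test1.avintec.com
        X509v3 extensions:
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/

            X509v3 Subject Alternative Name:
                DNS:test1.avintec.com, othername:<unsupported>, DNS:mail.avintec.com, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
"""

# Constructed: a renewal showing the reported defect (placeholder serial).
BUGGY_RENEWAL_TEXT = """\
Certificate:
    Data:
        Serial Number: 9999 (0x270f)
        Validity
            Not Before: Oct 20 12:00:00 2012 GMT
            Not After : Nov 19 12:00:00 2012 GMT
        Subject: CN=test1.avintec.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:mail.avintec.com, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
"""

if __name__ == "__main__":
    print(renewal_report(parse_openssl_text(ORIGINAL_TEXT),
                         parse_openssl_text(BUGGY_RENEWAL_TEXT)))
```

To use it on real dumps, feed the output of the same `openssl x509 -text -noout` command the notes above use into `parse_openssl_text` for both certificates; a non-empty `san_dropped` together with `cn_in_san_after` being false is the signature of the regression this report is about.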

INOPIAE

2014-04-15 22:10

updater   ~0004735

fixed with bug 440

Issue History

Date Modified Username Field Change
2012-05-01 07:59 laforge New Issue
2012-05-01 14:25 mutax Relationship added related to 0000440
2012-05-01 14:26 mutax Relationship added related to 0000768
2012-05-01 14:26 mutax Relationship added related to 0000530
2012-05-01 14:28 mutax Relationship added related to 0000799
2012-05-01 14:32 mutax Note Added: 0002976
2012-05-01 14:39 NEOatNHNG Note Added: 0002977
2012-05-01 14:39 NEOatNHNG Relationship replaced duplicate of 0000440
2012-05-01 14:39 NEOatNHNG Status new => solved?
2012-05-01 14:39 NEOatNHNG Resolution open => duplicate
2012-05-01 14:39 NEOatNHNG Assigned To => NEOatNHNG
2012-05-01 14:44 laforge Note Added: 0002978
2012-05-01 14:44 laforge Status solved? => needs feedback
2012-05-01 14:44 laforge Resolution duplicate => reopened
2012-05-01 14:48 NEOatNHNG Note Added: 0002979
2012-05-01 15:11 laforge Note Added: 0002980
2012-05-01 15:11 laforge Status needs feedback => needs work
2012-05-01 15:17 NEOatNHNG Note Added: 0002981
2012-05-01 15:22 mutax Note Added: 0002982
2012-05-01 15:23 macfreek Note Added: 0002983
2012-05-01 15:27 macfreek Note Edited: 0002983
2012-05-01 16:07 NEOatNHNG Note Added: 0002984
2012-05-01 16:08 NEOatNHNG Note Edited: 0002984
2012-05-01 19:11 macfreek Note Added: 0002985
2012-06-09 13:42 laforge Note Added: 0003058
2012-09-21 21:57 Uli60 Relationship added related to 0001054
2012-09-21 22:00 Uli60 Note Added: 0003214
2012-09-21 22:26 Uli60 Note Added: 0003217
2013-01-07 21:47 Werner Dworak Relationship added related to 0001101
2013-09-29 16:27 Uli60 Relationship added has duplicate 0001214
2014-04-15 22:10 INOPIAE Note Added: 0004735
2014-04-15 22:10 INOPIAE Status needs work => closed
2014-04-15 22:10 INOPIAE Assigned To NEOatNHNG =>
2014-04-15 22:10 INOPIAE Resolution reopened => fixed
2014-04-15 22:10 INOPIAE Fixed in Version => 2014 Q1