Closed Bug 273359 Opened 20 years ago Closed 20 years ago

certificate chain not honored anymore - firefox checks only the issuer of the first certificate

Categories

(Core Graveyard :: Security: UI, defect)

Other Branch
defect
Not set
major

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: sebastian.rieger, Assigned: bugzilla)

References

()

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.5) Gecko/20041108 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.5) Gecko/20041108 Firefox/1.0

Firefox dishonors the certificate chain a web server sends it. It just checks
the first certificate (the server cert) in the chain. Connecting to
https://notdienst.jura.uni-goettingen.de, the chain refers back to the DFN-PCA
Root CA - Firefox just complains about the issuer of the first (server)
certificate to be unknown. The Root Certificate was added and is listed in
"Manage Certificates". It was also edited to be trusted for authenticating all
purposes (incl. Web Sites). If the intermediate CA certificates are added to the
Authorities it works of course... The error is independent of the added
DFN-PCA Root CA - it also occurs using Thawte SSL123 with intermediate certs or
Comodo Intermediate certs.
Bug occurs using Linux, Windows and Mac OS. It works without problems using
Mozilla, Konqueror, Internet Explorer etc... strangely enough it has been working
with Firefox for earlier versions...


Reproducible: Always
Steps to Reproduce:
1. Import DFN-PCA Root-Certificate (https://ca.gwdg.de or http://www.dfn-pca.de)
2. move to https://notdienst.jura.uni-goettingen.de or https://elantest.gwdg.de
(you can check the sending of the chains via openssl s_client -connect
notdienst.jura.uni-goettingen.de -showcerts)

Actual Results:  
The Web Site is not trusted, though the chain refers to a trusted Root CA.

Expected Results:  
The Web Site should be trusted, as the chain refers to a trusted Root CA.

tested with different computers and operating systems (see above)
Component: General → Client Library
Product: Firefox → PSM
According to the SSL and TLS standards, it is the responsibility of EVERY
SSL server to send out a complete chain of certificates, beginning with
the server's own cert, then the cert of the CA that issued the server cert,
then the cert of the CA that issued that CA's cert, and so on, until it
comes to the root CA.  Servers that conform to the standards work with
mozilla.  

According to the tests I just performed on
https://notdienst.jura.uni-goettingen.de, that server is not sending out 
its full cert chain.  It only sends 2 certs, and the full chain takes 4 
(not including the root CA, which is a fifth cert).

According to the tests I just performed on https://elantest.gwdg.de
that server sends out the full chain, and works with mozilla quite well
(after the root CA is trusted).  

After visiting https://elantest.gwdg.de, when mozilla has seen the full
chain, for some time thereafter, mozilla is able to also successfully visit
notdienst.jura.uni-goettingen.de.  That is because the browser is still 
remembering the missing CA certs that were received from elantest.gwdg.de,
and with them is able to reconstruct the whole cert chain, even though 
notdienst is not sending them all.  

The only bug discovered during this testing is the incomplete cert chain
being sent by https://notdienst.jura.uni-goettingen.de.  
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Product: PSM → Core
Product: Core → Core Graveyard
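The chain-building behaviour described in the comment above, as an added example that is not Mozilla/PSM code: a Python model in which each certificate is reduced to its subject and issuer names (signatures and validity are not checked), with a constructed four-level hierarchy whose names (`Example Root CA`, `Example Intermediate A` and so on) are assumptions. It shows why a server that sends only two certs fails on its own, why a full-chain server succeeds, and why the short server succeeds once the other server's intermediates have been cached.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """A certificate reduced to its subject and issuer names (constructed model)."""
    subject: str
    issuer: str

def build_chain(sent, trusted_roots, cached=()):
    """Link sent[0] (the server cert) back to a trusted root.

    sent: certs in the order the server delivered them; trusted_roots: root
    CAs the user marked trusted; cached: intermediates remembered from
    earlier sessions. Returns (ok, chain, missing); when ok is False,
    `missing` is the issuer name no certificate could be found for.
    """
    by_subject = {}
    for cert in list(sent) + list(cached):
        by_subject.setdefault(cert.subject, cert)
    roots = {root.subject for root in trusted_roots}
    chain = [sent[0]]
    while chain[-1].issuer not in roots:
        issuer = by_subject.get(chain[-1].issuer)
        # Stop if nobody supplied the issuer, if we looped, or if the path
        # ends at a self-signed cert that is not in the trust store.
        if issuer is None or issuer in chain or issuer.subject == issuer.issuer:
            return False, chain, chain[-1].issuer
        chain.append(issuer)
    return True, chain, None

# Constructed hierarchy mirroring the comment: four certs below the root.
ROOT = Cert("Example Root CA", "Example Root CA")
CA_A = Cert("Example Intermediate A", "Example Root CA")
CA_B = Cert("Example Intermediate B", "Example Intermediate A")
CA_C = Cert("Example Intermediate C", "Example Intermediate B")
SERVER_SHORT = Cert("server-short.example", "Example Intermediate C")
SERVER_FULL = Cert("server-full.example", "Example Intermediate C")
SHORT_CHAIN_SENT = [SERVER_SHORT, CA_C]           # only two certs, like notdienst
FULL_CHAIN_SENT = [SERVER_FULL, CA_C, CA_B, CA_A]  # full chain, like elantest

def demo():
    """Replay the three situations described in the bug."""
    alone = build_chain(SHORT_CHAIN_SENT, [ROOT])
    full = build_chain(FULL_CHAIN_SENT, [ROOT])
    # After the full-chain server was visited, its intermediates are cached.
    after = build_chain(SHORT_CHAIN_SENT, [ROOT], cached=FULL_CHAIN_SENT[1:])
    return alone, full, after
```

The same walk applies to the PEM blocks printed by `openssl s_client -showcerts`: the first issuer name that no delivered or cached certificate carries as its subject is the intermediate the server forgot to send.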