Re: [exim-dev] [Bug 2198] DANE TLSA cert usage type 2 fails …

Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 2198] DANE TLSA cert usage type 2 fails depending on the OpenSSL library


> On Dec 9, 2017, at 11:04 AM, admin@??? wrote:
>
> I tried creating a testcase for (2 1 1) mode, but it passes with current master
> and OpenSSL 1.0.1t


The upstream ssl_dane library issue was that the subject name
of synthesized intermediate CA certificates was inadvertently
set NULL after some code "cleanup" in:

    https://github.com/vdukhovni/ssl_dane/commit/df4ce91591815ec9472045b538eeb140270eeecb


This was fixed recently in:

    https://github.com/vdukhovni/ssl_dane/commit/d9767f2fc78dbaf990c18df00bf17fd0c2ee2baa


To produce a test case we need to understand when "synthesized"
intermediate certificates come into play. Because DANE-TA(2)
authentication is independent of the usual WebPKI trusted roots,
and OpenSSL prior to 1.0.2 does not support "partial chains" in
which the trust-anchor is not a self-signed root, what happens
in "ssl_dane" (prior to OpenSSL 1.0.2) is:

  * If the presented certificate that matches the DANE-TA(2)
    TLSA record is self-signed, it becomes the trust-anchor
    for verification as-is.


  * Otherwise, it is not self-signed, and a new certificate
    is generated to replace it, together with a parent issuer
    certificate that is self-signed.


With the bug unpatched, the issuer name of the generated
intermediate certificate is inadvertently left empty, and
the creation of its "self-signed" issuer detects the empty
name and returns an error.

So to reproduce the problem, your "2 1 1" issuer certificate
MUST NOT be self-signed. The test chain needs to be:

    depth 0:  server, issued by:
    depth 1:  2 1 1 CA issued by:
    depth 2:  another CA, can be left out of presented chain


-- 
    Viktor.
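Added example, not code from Exim, the ssl_dane library or the message's author: an openssl CLI script that builds the three-level test chain laid out above (server, issued by a "2 1 1" CA that is deliberately NOT self-signed, issued by a root that can be left out of the presented chain), derives the DANE-TA(2) "2 1 1" TLSA record for the middle CA, and shows the OpenSSL behaviour the message refers to: with 1.0.2's partial-chain support the non-self-signed CA verifies as a trust anchor, while without that support the same anchor has no issuer and verification fails, which is the gap ssl_dane fills by synthesizing certificates. All names (Example Root CA, Example Issuing CA, mail.example.com) are made up; the script assumes openssl 1.0.2 or newer plus mktemp, sed and grep on PATH.

```shell
#!/bin/sh
# Added example (not ssl_dane or Exim code). Builds:
#   depth 0: server.pem   issued by
#   depth 1: ca.pem       the "2 1 1" CA, issued by (so NOT self-signed)
#   depth 2: root.pem     self-signed, may be omitted from the presented chain
# Assumes openssl >= 1.0.2 (for -trusted/-partial_chain), mktemp, sed, grep.
# All names below are invented for the example.
set -eu

# make_chain DIR: generate root.pem -> ca.pem -> server.pem in DIR.
make_chain() {
    dir="$1"
    mkdir -p "$dir"

    # Extension profiles: both CAs need CA:TRUE or openssl verify rejects
    # them as issuers; the server cert is an ordinary end-entity cert.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:mail.example.com\n' \
        > "$dir/server.ext"

    # depth 2: self-signed root CA
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.csr"
    openssl x509 -req -days 2 -sha256 -in "$dir/root.csr" -signkey "$dir/root.key" \
        -extfile "$dir/ca.ext" -out "$dir/root.pem"

    # depth 1: the "2 1 1" CA, issued by the root, hence not self-signed
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Issuing CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.csr"
    openssl x509 -req -days 2 -sha256 -in "$dir/ca.csr" \
        -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
        -extfile "$dir/ca.ext" -out "$dir/ca.pem"

    # depth 0: server certificate issued by the "2 1 1" CA
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.com" \
        -keyout "$dir/server.key" -out "$dir/server.csr"
    openssl x509 -req -days 2 -sha256 -in "$dir/server.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.pem"
}

# is_self_signed CERT: true when the issuer DN equals the subject DN.
# This is a name comparison only, enough to check the test chain layout;
# a library check also verifies the signature with the cert's own key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# tlsa_211 CERT: usage 2 (DANE-TA), selector 1 (SubjectPublicKeyInfo),
# matching type 1 (SHA2-256): the SHA-256 digest of the DER-encoded SPKI.
# The sed strips the "(stdin)= " / "SHA2-256(stdin)= " prefix of openssl dgst.
tlsa_211() {
    digest=$(openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | sed 's/^.*= *//')
    printf '2 1 1 %s\n' "$digest"
}

# Full chain up to the self-signed root: works on any OpenSSL version.
verify_full_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/ca.pem" "$1/server.pem" \
        >/dev/null 2>&1
}

# Trust anchor = the non-self-signed "2 1 1" CA, as DANE-TA(2) needs.
# OpenSSL 1.0.2+ accepts this with X509_V_FLAG_PARTIAL_CHAIN (-partial_chain).
verify_partial_chain() {
    openssl verify -partial_chain -trusted "$1/ca.pem" "$1/server.pem" \
        >/dev/null 2>&1
}

# Same anchor without partial-chain support: the anchor's own issuer is not
# in the store, so verification fails ("unable to get issuer certificate").
# This is the case ssl_dane handles on older OpenSSL by synthesizing a
# replacement CA certificate plus a self-signed parent for it.
verify_without_partial_chain() {
    openssl verify -trusted "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1
}

WORK="${WORK:-$(mktemp -d)}"
make_chain "$WORK"
# Illustrative DNS record for the "2 1 1" CA (name/port invented):
echo "_25._tcp.mail.example.com. IN TLSA $(tlsa_211 "$WORK/ca.pem")"
```

Run it with `sh chain.sh`; the generated PEM files stay in the temporary directory so they can be dropped straight into a test case, and the printed TLSA record is the one that must appear in the test DNS data for the intermediate CA.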