On 09/12/17 19:28, Viktor Dukhovni wrote:
> With the bug not patched, the issuer name of the generated
> intermediate certificate is inadvertently left empty and
> its creation of its "self-signed" issuer detects the empty
> name and returns an error.
>
> So to reproduce the problem, your "2 1 1" issuer certificate
> MUST NOT be self-signed. The test chain needs to be:
>
> depth 0: server, issued by:
> depth 1: 2 1 1 CA issued by:
> depth 2: another CA, can be left out of presented chain
Any other conditions? I've set that situation up but still get
a pass on an unpatched system.
Any restrictions on the chain sent by the server? On the CAs
known by the client?
Relevant bits of client debug output:
======
15:36:16 9790 Calling SSL_connect
15:36:16 9790 SSL info: before/connect initialization
15:36:16 9790 SSL info: before/connect initialization
15:36:16 9790 SSL info: SSLv2/v3 write client hello A
15:36:16 9790 Received TLS status response (OCSP stapling): null
15:36:16 9790 SSL info: SSLv3 read server hello A
15:36:16 9790 Dane verify_cert
15:36:16 9790 wrap_issuer 479 top=0
15:36:16 9790 wrap_issuer 482
15:36:16 9790 set_issuer_name 418: Xsn ''
15:36:16 9790 wrap_issuer 479 top=1
15:36:16 9790 wrap_issuer 482
15:36:16 9790 set_issuer_name 418: Xsn ''
15:36:16 9790 Dane verify_chain
15:36:16 9790 Dane name_check: matched SAN *.test.ex
15:36:16 9790 verify_callback_client_dane: ok depth 1
/O=example.com/CN=clica Signing Cert rsa
15:36:16 9790 verify_callback_client_dane: ok depth 0
/CN=server1.example.com
15:36:16 9790 SSL info: SSLv3 read server certificate A
15:36:16 9790 SSL info: SSLv3 read server key exchange A
15:36:16 9790 SSL info: SSLv3 read server done A
15:36:16 9790 SSL info: SSLv3 write client key exchange A
15:36:16 9790 SSL info: SSLv3 write change cipher spec A
15:36:16 9790 SSL info: SSLv3 write finished A
15:36:16 9790 SSL info: SSLv3 flush data
15:36:16 9790 SSL info: SSLv3 read finished A
15:36:16 9790 SSL info: SSL negotiation finished successfully
15:36:16 9790 SSL info: SSL negotiation finished successfully
15:36:16 9790 Dane lib-cleanup
15:36:16 9790 SSL_connect succeeded
=======
The "Signing cert" is an intermediate, signed by the anchor
(selfsigned). The empty names seen by set_issuer_name() were
an X509_print_ex of X509_get_subject_name(cert).
--
Thanks,
Jeremy