https://bugs.exim.org/show_bug.cgi?id=2389
Bug ID: 2389
Summary: tls_verify_certificates - with GnuTLS the CA list is
sent no matter whether tls_verify_certificates points
to dir or file
Product: Exim
Version: 4.91
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@???
Reporter: eximusers@???
CC: exim-dev@???
Hello,
spec says:
-------------------
tls_verify_certificates Use: main Type: string† Default: system
The value of this option is expanded, and must then be either the word "system"
or the absolute path to a file or directory containing permitted certificates
for clients that match tls_verify_hosts or tls_try_verify_hosts.
[...]
With both OpenSSL and GnuTLS, if the value is a file then the certificates are
sent by Exim as a server to connecting clients, defining the list of accepted
certificate authorities. [...] To avoid this, use the explicit directory
version.
-------------------
For GnuTLS this is not correct. GnuTLS's behavior does not depend on whether a
dir or a file (or "system") was specified, the list is sent unless disabled by
gnutls_certificate_send_x509_rdn_sequence().
I am not sure what the correct fix is. It would be easiest to simply mimic
the OpenSSL convention (no list for system and dir, list sent for file) and
implement what the docs say.
OTOH even for OpenSSL this is just a convention according to
https://lists.exim.org/lurker/message/20190330.035618.ee329443.en.html - Viktor
Dukhovni writes there:
8X------------------------------------------------------
Actually, it is likely not so much OpenSSL behaviour as such, but rather
the most common application practice, which obviates the need for a
separately configurable parameter to set the list of advertised CAs.
The relevant OpenSSL functions are:
SSL_load_client_CA_file()
SSL_CTX_set_client_CA_list()
The first extracts a list of subject DNs from a file with CA certs,
and the second configures that stack as the list of CAs to advertise.
Many applications, including Postfix, and likely Exim just use the same
CA file used for client certificate verification as the list of CAs
to advertise. But this is not set in stone, other choices are available,
including using an empty stack.
Note however, that some clients (notably Java) will not send a client
certificate unless the list of CAs sent is non-empty, and IIRC also
includes the trust-anchor that issued the client cert. Thus sending
no CAs or a partial list might suppress client cert use in some clients.
> If you give OpenSSL a file, then it advertises them all to the client.
As explained above, this is not automatic. The OpenSSL application
chooses the file separately from the file with trusted CAs, but many
just always use the same file.
> If you give OpenSSL a directory (processed with c_rehash or equivalent)
> then it advertises none to the client, but can verify them all.
This is the common work-around, but one can also simply use a smaller
file with just the desired issuers.
8X------------------------------------------------------
So GnuTLS would offer an on/off switch and OpenSSL would even offer separate
accepted_certs and advertised_accepted_certs lists.
cu Andreas
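The list under discussion is the certificate_authorities vector of the server's CertificateRequest handshake message; the only way to know what a given Exim build actually advertises is to look at that message on the wire. The decoder below is an added example written for this page, not code from Exim, GnuTLS or OpenSSL, and the sample CertificateRequest messages it parses are constructed inline rather than captured from a real server. It goes slightly beyond the TLS 1.2 case the report is about and also handles TLS 1.3, where the same list moves into the certificate_authorities extension (type 47) of the CertificateRequest; the DN values and organisation names in the sample are invented.

```python
"""Decode the CA list (certificate_authorities) a TLS server advertises in its
CertificateRequest. Added example; sample messages are constructed, not captured."""
import struct

HT_CERTIFICATE_REQUEST = 13          # HandshakeType
EXT_CERTIFICATE_AUTHORITIES = 47     # TLS 1.3 extension carrying the CA list
ATTR_NAMES = {"2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.11": "OU", "2.5.4.3": "CN"}


def der_read(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                    # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def oid_to_str(raw):
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_name(der):
    """X.501 Name (SEQUENCE OF SET OF AttributeTypeAndValue) -> 'C=.., O=.., CN=..'."""
    tag, rdn_seq, _ = der_read(der, 0)
    if tag != 0x30:
        raise ValueError("DistinguishedName is not a SEQUENCE")
    parts, pos = [], 0
    while pos < len(rdn_seq):
        _, rdn_set, pos = der_read(rdn_seq, pos)
        inner = 0
        while inner < len(rdn_set):
            _, atv, inner = der_read(rdn_set, inner)
            _, oid, next_pos = der_read(atv, 0)
            _, value, _ = der_read(atv, next_pos)
            oid_str = oid_to_str(oid)
            parts.append(f"{ATTR_NAMES.get(oid_str, oid_str)}={value.decode('utf-8', 'replace')}")
    return ", ".join(parts)


def parse_dn_list(blob):
    """DistinguishedName vector: each entry is a 2-byte length followed by a DER Name."""
    names, pos = [], 0
    while pos < len(blob):
        (n,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        names.append(decode_name(blob[pos:pos + n]))
        pos += n
    return names


def advertised_cas(msg, tls13=False):
    """Return the DNs in a CertificateRequest handshake message (4-byte header included)."""
    if msg[0] != HT_CERTIFICATE_REQUEST:
        raise ValueError("not a CertificateRequest")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if not tls13:                                        # RFC 5246 7.4.4
        pos = 1 + body[0]                                # skip certificate_types
        pos += 2 + struct.unpack_from(">H", body, pos)[0]  # skip signature_algorithms
        (n,) = struct.unpack_from(">H", body, pos)
        return parse_dn_list(body[pos + 2:pos + 2 + n])
    pos = 1 + body[0]                                    # RFC 8446 4.3.2: skip request context
    (ext_len,) = struct.unpack_from(">H", body, pos)
    pos, end = pos + 2, pos + 2 + ext_len
    while pos < end:
        etype, elen = struct.unpack_from(">HH", body, pos)
        pos += 4
        if etype == EXT_CERTIFICATE_AUTHORITIES:         # RFC 8446 4.2.4
            (n,) = struct.unpack_from(">H", body, pos)
            return parse_dn_list(body[pos + 2:pos + 2 + n])
        pos += elen
    return []                                            # extension absent: nothing advertised


# --- constructed sample data (invented DNs, not from any real server) ----------
def der(tag, body):
    return bytes([tag, len(body)]) + body                # short-form lengths suffice here

def make_name(rdns):
    oids = {"C": b"\x55\x04\x06", "O": b"\x55\x04\x0a", "CN": b"\x55\x04\x03"}
    return der(0x30, b"".join(der(0x31, der(0x30, der(0x06, oids[k]) + der(0x13, v.encode())))
                              for k, v in rdns))

def dn_vector(names):
    return b"".join(struct.pack(">H", len(n)) + n for n in names)

def make_certificate_request_12(names):
    body = bytes([2, 1, 64])                             # rsa_sign, ecdsa_sign
    body += struct.pack(">H", 4) + bytes([4, 1, 4, 3])   # sha256/rsa, sha256/ecdsa
    cas = dn_vector(names)
    body += struct.pack(">H", len(cas)) + cas
    return bytes([HT_CERTIFICATE_REQUEST]) + len(body).to_bytes(3, "big") + body

def make_certificate_request_13(names):
    sigalgs = struct.pack(">H", 2) + bytes([8, 4])       # rsa_pss_rsae_sha256
    exts = struct.pack(">HH", 13, len(sigalgs)) + sigalgs
    if names:
        cas = dn_vector(names)
        ext = struct.pack(">H", len(cas)) + cas
        exts += struct.pack(">HH", EXT_CERTIFICATE_AUTHORITIES, len(ext)) + ext
    body = bytes([0]) + struct.pack(">H", len(exts)) + exts  # empty request context
    return bytes([HT_CERTIFICATE_REQUEST]) + len(body).to_bytes(3, "big") + body

SAMPLE_CAS = [make_name([("C", "DE"), ("O", "Example GmbH"), ("CN", "Example Mail CA")]),
              make_name([("C", "US"), ("O", "Example Inc"), ("CN", "Example Client CA")])]

if __name__ == "__main__":
    for label, msg, v13 in (("TLS 1.2, list sent", make_certificate_request_12(SAMPLE_CAS), False),
                            ("TLS 1.2, list empty", make_certificate_request_12([]), False),
                            ("TLS 1.3, list sent", make_certificate_request_13(SAMPLE_CAS), True)):
        print(f"{label}: {advertised_cas(msg, tls13=v13) or 'no CA names sent'}")
```

Against a live server the quick check is `openssl s_client -connect host:25 -starttls smtp`, whose output ends with either "Acceptable client certificate CA names" followed by the DNs or "No client certificate CA names sent"; adding `-msg` dumps the raw handshake messages, and the CertificateRequest bytes from that dump are what advertised_cas() decodes. An empty list is exactly the case Viktor warns about: a client that insists on seeing its issuer in the list will silently send no certificate.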