Gitweb:
https://git.exim.org/exim.git/commitdiff/e326959e5e455e1b46124b023e0b202e4892e501
Commit: e326959e5e455e1b46124b023e0b202e4892e501
Parent: 6219e0ec4a59a06b84eaabb6b3ae5d9e8f166672
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Sep 26 19:28:53 2019 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu Sep 26 19:34:09 2019 +0100
GnuTLS: full-chain OCSP stapling. Bug 1466
---
doc/doc-docbook/spec.xfpt | 10 +-
doc/doc-txt/NewStuff | 2 +
src/src/tls-gnu.c | 155 ++++++++++++++++-----
src/src/tls-openssl.c | 3 +
.../CA/CA.ocsp.signernocert.good.resp.pem | 31 +++++
.../CA/Signer.ocsp.signernocert.good.resp.pem | 31 +++++
.../CA/Signer.ocsp.signernocert.revoked.resp.pem | 33 +++++
.../exim-ca/example.com/CA/index.revoked.txt | 1 +
.../exim-ca/example.com/CA/index.valid.txt | 2 +
test/aux-fixed/exim-ca/genall | 60 +++++++-
test/aux-var-src/tls_conf_prefix | 2 +-
test/confs/{5653 => 5655} | 38 +++--
test/log/5653 | 9 --
test/log/5655 | 27 ++++
test/scripts/5655-OCSP-GnuTLS-1.3/5655 | 59 ++++++++
test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES | 4 +
16 files changed, 408 insertions(+), 59 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 5acdce0..118b7b5 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17836,7 +17836,15 @@ For GnuTLS 3.5.6 or later the expanded value of this option can be a list
of files, to match a list given for the &%tls_certificate%& option.
The ordering of the two lists must match.
-The file(s) should be in DER format
+.new
+The file(s) should be in DER format,
+except for GnuTLS 3.6.3 or later when an optional filetype prefix
+can be used. The prefix must be one of "DER" or "PEM", followed by
+a single space. If one is used it sets the format for subsequent
+files in the list; the initial format is DER.
+When a PEM format file is used it may contain multiple proofs,
+for multiple certificate chain element proofs under TLS1.3.
+.wen
.option tls_on_connect_ports main "string list" unset
.cindex SSMTP
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 8577f6d..a1534c5 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -35,6 +35,8 @@ Version 4.93
11. Main options for DKIM verify to filter hash and key types.
+12. Under GnuTLS, with TLS1.3, support for full-chain OCSP stapling.
+
Version 4.92
--------------
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index fce4b86..52128b9 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -77,7 +77,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
# define SUPPORT_SRV_OCSP_STACK
#endif
#if GNUTLS_VERSION_NUMBER >= 0x030603
+# define EXIM_HAVE_TLS1_3
# define SUPPORT_GNUTLS_EXT_RAW_PARSE
+# define GNUTLS_OCSP_STATUS_REQUEST_GET2
#endif
#ifdef SUPPORT_DANE
@@ -115,6 +117,9 @@ options_tls(void)
# ifdef EXPERIMENTAL_TLS_RESUME
builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
# endif
+# ifdef EXIM_HAVE_TLS1_3
+builtin_macro_create(US"_HAVE_TLS1_3");
+# endif
}
#else
@@ -886,7 +891,7 @@ tls_server_clienthello_ext(void * ctx, unsigned tls_id,
/* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
if (tls_id == 5) /* status_request */
{
- DEBUG(D_tls) debug_printf("Seen status_request extension\n");
+ DEBUG(D_tls) debug_printf("Seen status_request extension from client\n");
tls_in.ocsp = OCSP_NOT_RESP;
}
return 0;
@@ -901,15 +906,51 @@ tls_server_clienthello_cb(gnutls_session_t session, unsigned int htype,
return gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg,
GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO);
}
+
+
+/* Make a note that we saw a status-response */
+static int
+tls_server_servercerts_ext(void * ctx, unsigned tls_id,
+ const unsigned char *data, unsigned size)
+{
+/* debug_printf("%s %u\n", __FUNCTION__, tls_id); */
+/* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
+if (FALSE && tls_id == 5) /* status_request */
+ {
+ DEBUG(D_tls) debug_printf("Seen status_request extension\n");
+ tls_in.ocsp = exim_testharness_disable_ocsp_validity_check
+ ? OCSP_VFY_NOT_TRIED : OCSP_VFIED; /* We know that GnuTLS verifies responses */
+ }
+return 0;
+}
+
+/* Callback for certificates packet, on server, if we think we might serve stapled-OCSP */
+static int
+tls_server_servercerts_cb(gnutls_session_t session, unsigned int htype,
+ unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
+{
+/* Call fn for each extension seen. 3.6.3 onwards */
+#ifdef notdef
+/*XXX crashes */
+return gnutls_ext_raw_parse(NULL, tls_server_servercerts_ext, msg, 0);
+#endif
+}
#endif
+/*XXX in tls1.3 the cert-status travel as an extension next to the cert, in the
+ "Handshake Protocol: Certificate" record.
+So we need to spot the Certificate handshake message, parse it and spot any status_request extension(s)
+
+This is different to tls1.2 - where it is a separate record (wireshake term) / handshake message (gnutls term).
+*/
+
#if defined(EXPERIMENTAL_TLS_RESUME) || defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
/* Callback for certificate-status, on server. We sent stapled OCSP. */
static int
tls_server_certstatus_cb(gnutls_session_t session, unsigned int htype,
unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
{
-DEBUG(D_tls) debug_printf("Sending certificate-status\n");
+DEBUG(D_tls) debug_printf("Sending certificate-status\n"); /*XXX we get this for tls1.2 but not for 1.3 */
#ifdef SUPPORT_SRV_OCSP_STACK
tls_in.ocsp = exim_testharness_disable_ocsp_validity_check
? OCSP_VFY_NOT_TRIED : OCSP_VFIED; /* We know that GnuTLS verifies responses */
@@ -924,11 +965,14 @@ static int
tls_server_hook_cb(gnutls_session_t sess, u_int htype, unsigned when,
unsigned incoming, const gnutls_datum_t * msg)
{
+/* debug_printf("%s: htype %u\n", __FUNCTION__, htype); */
switch (htype)
{
# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
case GNUTLS_HANDSHAKE_CLIENT_HELLO:
return tls_server_clienthello_cb(sess, htype, when, incoming, msg);
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+ return tls_server_servercerts_cb(sess, htype, when, incoming, msg);
# endif
case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
return tls_server_certstatus_cb(sess, htype, when, incoming, msg);
@@ -1017,6 +1061,18 @@ if ((rc = gnutls_certificate_allocate_credentials(&state->x509_cred)))
#ifdef SUPPORT_SRV_OCSP_STACK
gnutls_certificate_set_flags(state->x509_cred, GNUTLS_CERTIFICATE_API_V2);
+
+# if !defined(DISABLE_OCSP) && defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
+if (!host && tls_ocsp_file)
+ {
+ if (f.running_in_test_harness)
+ tls_server_testharness_ocsp_fiddle();
+
+ if (exim_testharness_disable_ocsp_validity_check)
+ gnutls_certificate_set_flags(state->x509_cred,
+ GNUTLS_CERTIFICATE_API_V2 | GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK);
+ }
+# endif
#endif
/* remember: expand_check_tlsvar() is expand_check() but fiddling with
@@ -1044,7 +1100,7 @@ if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey, errstr))
/* tls_privatekey is optional, defaulting to same file as certificate */
-if (state->tls_privatekey == NULL || *state->tls_privatekey == '\0')
+if (!state->tls_privatekey || !*state->tls_privatekey)
{
state->tls_privatekey = state->tls_certificate;
state->exp_tls_privatekey = state->exp_tls_certificate;
@@ -1075,8 +1131,11 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
const uschar * olist;
int csep = 0, ksep = 0, osep = 0, cnt = 0;
uschar * cfile, * kfile, * ofile;
-
#ifndef DISABLE_OCSP
+# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
+ gnutls_x509_crt_fmt_t ocsp_fmt = GNUTLS_X509_FMT_DER;
+# endif
+
if (!expand_check(tls_ocsp_file, US"tls_ocsp_file", &ofile, errstr))
return DEFER;
olist = ofile;
@@ -1091,13 +1150,13 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
else
{
int gnutls_cert_index = -rc;
- DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n", gnutls_cert_index, cfile);
-
- /* Set the OCSP stapling server info */
+ DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n",
+ gnutls_cert_index, cfile);
#ifndef DISABLE_OCSP
if (tls_ocsp_file)
{
+ /* Set the OCSP stapling server info */
if (gnutls_buggy_ocsp)
{
DEBUG(D_tls)
@@ -1105,27 +1164,36 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
}
else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0)))
{
- DEBUG(D_tls) debug_printf("OCSP response file = %s\n", ofile);
-
+ DEBUG(D_tls) debug_printf("OCSP response file %d = %s\n",
+ gnutls_cert_index, ofile);
# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
- if (f.running_in_test_harness) tls_server_testharness_ocsp_fiddle();
-
- if (!exim_testharness_disable_ocsp_validity_check)
+ if (Ustrncmp(ofile, US"PEM ", 4) == 0)
{
- if ((rc = gnutls_certificate_set_ocsp_status_request_file2(
- state->x509_cred, CCS ofile, gnutls_cert_index,
- GNUTLS_X509_FMT_DER)) < 0)
- return tls_error_gnu(
- US"gnutls_certificate_set_ocsp_status_request_file2",
- rc, host, errstr);
+ ocsp_fmt = GNUTLS_X509_FMT_PEM;
+ ofile += 4;
+ }
+ else if (Ustrncmp(ofile, US"DER ", 4) == 0)
+ {
+ ocsp_fmt = GNUTLS_X509_FMT_DER;
+ ofile += 4;
+ }
- /* Arrange callbacks for OCSP request observability */
+ if ((rc = gnutls_certificate_set_ocsp_status_request_file2(
+ state->x509_cred, CCS ofile, gnutls_cert_index,
+ ocsp_fmt)) < 0)
+ return tls_error_gnu(
+ US"gnutls_certificate_set_ocsp_status_request_file2",
+ rc, host, errstr);
+ DEBUG(D_tls)
+ debug_printf(" %d response%s loaded\n", rc, rc>1 ? "s":"");
- gnutls_handshake_set_hook_function(state->session,
- GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
- }
- else
-# elif defined(SUPPORT_SRV_OCSP_STACK)
+ /* Arrange callbacks for OCSP request observability */
+
+ gnutls_handshake_set_hook_function(state->session,
+ GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
+
+# else
+# if defined(SUPPORT_SRV_OCSP_STACK)
if ((rc = gnutls_certificate_set_ocsp_status_request_function2(
state->x509_cred, gnutls_cert_index,
server_ocsp_stapling_cb, ofile)))
@@ -1133,7 +1201,7 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
US"gnutls_certificate_set_ocsp_status_request_function2",
rc, host, errstr);
else
-# endif
+# endif
{
if (cnt++ > 0)
{
@@ -1144,6 +1212,7 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
gnutls_certificate_set_ocsp_status_request_function(
state->x509_cred, server_ocsp_stapling_cb, ofile);
}
+# endif /* SUPPORT_GNUTLS_EXT_RAW_PARSE */
}
else
DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n");
@@ -2181,7 +2250,8 @@ post_handshake_debug(exim_gnutls_state_st * state)
debug_printf("%s\n", gnutls_session_get_desc(state->session));
#endif
#ifdef SUPPORT_GNUTLS_KEYLOG
-# ifdef GNUTLS_TLS1_3
+
+# ifdef EXIM_HAVE_TLS1_3
if (gnutls_protocol_get_version(state->session) < GNUTLS_TLS1_3)
#else
if (TRUE)
@@ -2201,7 +2271,8 @@ else
" set environment variable SSLKEYLOGFILE to a filename writable by uid exim\n"
" add SSLKEYLOGFILE to keep_environment in the exim config\n"
" run exim as root\n"
- " if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n");
+ " if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n"
+ " (works for TLS1.2 also, and saves cut-paste into file)\n");
#endif
}
@@ -2878,16 +2949,26 @@ if (request_ocsp)
gnutls_datum_t stapling;
gnutls_ocsp_resp_t resp;
gnutls_datum_t printed;
- if ( (rc= gnutls_ocsp_status_request_get(state->session, &stapling)) == 0
- && (rc= gnutls_ocsp_resp_init(&resp)) == 0
- && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0
- && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &printed)) == 0
- )
- {
- debug_printf("%.4096s", printed.data);
- gnutls_free(printed.data);
- }
- else
+ unsigned idx = 0;
+
+ for (;
+# ifdef GNUTLS_OCSP_STATUS_REQUEST_GET2
+ (rc = gnutls_ocsp_status_request_get2(state->session, idx, &stapling)) == 0;
+#else
+ (rc = gnutls_ocsp_status_request_get(state->session, &stapling)) == 0;
+#endif
+ idx++)
+ if ( (rc= gnutls_ocsp_resp_init(&resp)) == 0
+ && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0
+ && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT, &printed)) == 0
+ )
+ {
+ debug_printf("%.4096s", printed.data);
+ gnutls_free(printed.data);
+ }
+ else
+ (void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr);
+ if (idx == 0 && rc)
(void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr);
}
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index dc87291..a1dee6d 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -261,6 +261,9 @@ for (struct exim_openssl_option * o = exim_openssl_options;
# ifdef EXPERIMENTAL_TLS_RESUME
builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
# endif
+# ifdef SSL_OP_NO_TLSv1_3
+builtin_macro_create(US"_HAVE_TLS1_3");
+# endif
}
#else
diff --git a/test/aux-fixed/exim-ca/example.com/CA/CA.ocsp.signernocert.good.resp.pem b/test/aux-fixed/exim-ca/example.com/CA/CA.ocsp.signernocert.good.resp.pem
new file mode 100644
index 0000000..6b5d621
--- /dev/null
+++ b/test/aux-fixed/exim-ca/example.com/CA/CA.ocsp.signernocert.good.resp.pem
@@ -0,0 +1,31 @@
+OCSP Response Information:
+ Response Status: Successful
+ Response Type: Basic OCSP Response
+ Version: 1
+ Responder ID: CN=clica CA rsa,O=example.com
+ Produced At: Thu Sep 26 12:14:05 UTC 2019
+ Responses:
+ Certificate ID:
+ Hash Algorithm: SHA256
+ Issuer Name Hash: bfa7275a566efd4be2df82dbd9d1290d470186f6ff2acd8c16659f342ab56109
+ Issuer Key Hash: 208f9d28c7c0bc914144dfa8c0be3d5b3bfcebb622c8a8dc27e865fc06ca0e12
+ Serial Number: 41
+ Certificate Status: good
+ This Update: Thu Sep 26 12:14:05 UTC 2019
+ Next Update: Tue Sep 25 12:14:05 UTC 2029
+ Extensions:
+ Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----
+MIIB+goBAKCCAfMwggHvBgkrBgEFBQcwAQEEggHgMIIB3DCBxaEvMC0xFDASBgNV
+BAoTC2V4YW1wbGUuY29tMRUwEwYDVQQDEwxjbGljYSBDQSByc2EYDzIwMTkwOTI2
+MTIxNDA1WjCBgDB+MFYwDQYJYIZIAWUDBAIBBQAEIL+nJ1pWbv1L4t+C29nRKQ1H
+AYb2/yrNjBZlnzQqtWEJBCAgj50ox8C8kUFE36jAvj1bO/zrtiLIqNwn6GX8BsoO
+EgIBQYAAGA8yMDE5MDkyNjEyMTQwNVqgERgPMjAyOTA5MjUxMjE0MDVaMA0GCSqG
+SIb3DQEBCwUAA4IBAQAIVtY+mV3cbK0Z/itrRAJKrQGjWz4nUKK2t84KN/K/NxJd
+oDvgN9sp4qp8P0RDE/fwqDLTNp35/7vHPaSB5Bi+L6U2aUwz46LJsX0/q6DuprE+
+e6Z8rOrfycACBY18h8X3foCJwP3/Igon1B7ERbJHYKut77eXJh8EEpxQDxYaDdoj
+d0aFylyMjNH5Cm1nSkksC0islm5sk+ggEZjOnvM6y6ZzlPHl1nyI6TOWrTSoqm69
+mK2Gf9V59oHJPSM3OaVWL5OoUIZ57RrtDdxs3H3HO8QNPCSJY80Dk2uwpZICzYP3
+ko2KEu5rKChZ74PB59D6wAuUTEYdzF08s9waWL1m
+-----END OCSP RESPONSE-----
diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.good.resp.pem b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.good.resp.pem
new file mode 100644
index 0000000..5a44d61
--- /dev/null
+++ b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.good.resp.pem
@@ -0,0 +1,31 @@
+OCSP Response Information:
+ Response Status: Successful
+ Response Type: Basic OCSP Response
+ Version: 1
+ Responder ID: CN=clica CA rsa,O=example.com
+ Produced At: Wed Sep 25 16:52:00 UTC 2019
+ Responses:
+ Certificate ID:
+ Hash Algorithm: SHA256
+ Issuer Name Hash: bfa7275a566efd4be2df82dbd9d1290d470186f6ff2acd8c16659f342ab56109
+ Issuer Key Hash: 208f9d28c7c0bc914144dfa8c0be3d5b3bfcebb622c8a8dc27e865fc06ca0e12
+ Serial Number: 42
+ Certificate Status: good
+ This Update: Wed Sep 25 16:52:00 UTC 2019
+ Next Update: Mon Sep 24 16:52:00 UTC 2029
+ Extensions:
+ Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----
+MIIB+goBAKCCAfMwggHvBgkrBgEFBQcwAQEEggHgMIIB3DCBxaEvMC0xFDASBgNV
+BAoTC2V4YW1wbGUuY29tMRUwEwYDVQQDEwxjbGljYSBDQSByc2EYDzIwMTkwOTI1
+MTY1MjAwWjCBgDB+MFYwDQYJYIZIAWUDBAIBBQAEIL+nJ1pWbv1L4t+C29nRKQ1H
+AYb2/yrNjBZlnzQqtWEJBCAgj50ox8C8kUFE36jAvj1bO/zrtiLIqNwn6GX8BsoO
+EgIBQoAAGA8yMDE5MDkyNTE2NTIwMFqgERgPMjAyOTA5MjQxNjUyMDBaMA0GCSqG
+SIb3DQEBCwUAA4IBAQAD/6WpB4+oK4S81aIp48J0CPqqPkd2tMBaAHZQ+0FG2A9c
+8VPPjWfVhTYikeILbVukABNpcP5G3bWOiTrYK0bp2f+Wf3NQyiP+VXj0pGmnX4lI
+Jwwg0ZvejHddoU192DTYu+fjj80YVOv09VHoehLsnsYPe16nW+2Ul2eDJ5IQv1qo
+5PUjRqc1X8W0ixAR34zXnkO+tDbpkGtUo/WcGt0zVxmoqXwvWsEG65PN/OYS2rEu
+q5TkTweFZllPdNfRJAXHBlZf1ndA9XpTzp4U/RGlWHP4Mp92BH9Ry50admEvObCe
+ayhmuSWTc/8mrunDn+qidRFYccHtDTeoAy2XRnGA
+-----END OCSP RESPONSE-----
diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.revoked.resp.pem b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.revoked.resp.pem
new file mode 100644
index 0000000..dfbed04
--- /dev/null
+++ b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.revoked.resp.pem
@@ -0,0 +1,33 @@
+OCSP Response Information:
+ Response Status: Successful
+ Response Type: Basic OCSP Response
+ Version: 1
+ Responder ID: CN=clica CA rsa,O=example.com
+ Produced At: Thu Sep 26 07:51:09 UTC 2019
+ Responses:
+ Certificate ID:
+ Hash Algorithm: SHA256
+ Issuer Name Hash: bfa7275a566efd4be2df82dbd9d1290d470186f6ff2acd8c16659f342ab56109
+ Issuer Key Hash: 208f9d28c7c0bc914144dfa8c0be3d5b3bfcebb622c8a8dc27e865fc06ca0e12
+ Serial Number: 42
+ Certificate Status: revoked
+ Revocation time: Mon Feb 01 14:27:09 UTC 2010
+ This Update: Thu Sep 26 07:51:09 UTC 2019
+ Next Update: Tue Sep 25 07:51:09 UTC 2029
+ Extensions:
+ Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----
+MIICEQoBAKCCAgowggIGBgkrBgEFBQcwAQEEggH3MIIB8zCB3KEvMC0xFDASBgNV
+BAoTC2V4YW1wbGUuY29tMRUwEwYDVQQDEwxjbGljYSBDQSByc2EYDzIwMTkwOTI2
+MDc1MTA5WjCBlzCBlDBWMA0GCWCGSAFlAwQCAQUABCC/pydaVm79S+LfgtvZ0SkN
+RwGG9v8qzYwWZZ80KrVhCQQgII+dKMfAvJFBRN+owL49Wzv867YiyKjcJ+hl/AbK
+DhICAUKhFhgPMjAxMDAyMDExNDI3MDlaoAMKAQQYDzIwMTkwOTI2MDc1MTA5WqAR
+GA8yMDI5MDkyNTA3NTEwOVowDQYJKoZIhvcNAQELBQADggEBABxA6J6zKoEXgmgG
+/I1hZc08x4T8WibqkGhS/1hcq66STgqYY1m3GmaOHQiwHhxsZzAUfOp1wChNgRCI
+x2pFp5rsQCZPvSL244SaTRqSK6eFONnic+s7nND3b/DZuelx3Zq1y/vrg+WaNxxt
+HWC1sRk2c/jAMqdHbH5obXzWB88qN8dh9Xwi8VXYCFlKjlURa6q6z5b5jhPI1BDW
+oLK66ZIzSxryPGu/70EWUAAMub5NAMhGi0Vf1eoIl87PMKQRaGTkwgKe3KgqU+o9
+Oa15HFRL0iFaVBxdYEQyy/MW6iSA+1KiyqSpWEZxCvisKjUTVopx/BiVb9sEpvwE
+yRNnGe8=
+-----END OCSP RESPONSE-----
diff --git a/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt b/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt
index d69d74d..4670f59 100644
--- a/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt
+++ b/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt
@@ -4,3 +4,4 @@ R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.example.com
R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.example.com
R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.example.com
R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.example.com
+R 130110200751Z 100201142709Z,superseded 42 unknown CN=clica Signing Cert rsa
diff --git a/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt b/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt
index 126acf7..61dc8ac 100644
--- a/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt
+++ b/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt
@@ -4,3 +4,5 @@ V 130110200751Z 67 unknown CN=expired1.example.com
V 130110200751Z c9 unknown CN=server2.example.com
V 130110200751Z ca unknown CN=revoked2.example.com
V 130110200751Z cb unknown CN=expired2.example.com
+V 130110200751Z 42 unknown CN=clica Signing Cert rsa
+V 130110200751Z 41 unknown CN=clica CA rsa
diff --git a/test/aux-fixed/exim-ca/genall b/test/aux-fixed/exim-ca/genall
index a5e51e3..9904cfa 100755
--- a/test/aux-fixed/exim-ca/genall
+++ b/test/aux-fixed/exim-ca/genall
@@ -26,6 +26,14 @@ do
rm -fr "$idir"
# create CA cert + templates
+ # -D dir to work in
+ # -p passwd for cert
+ # -B keysize in bits
+ # -I create CA cert
+ # -N org name
+ # -F create sub-signing cert
+ # -C CRL
+ # -O create OCSP responder cert
clica $V -D "$idir" -p password -B 2048 -I -N $iname -F -C http://crl.$iname/latest.crl -O http://oscp.$iname/
# create server certs
@@ -67,8 +75,15 @@ do
####
+ # so, for full-chain OCSP we sill want an OCSP resp for the Signer cert and also (?) one for the
+ # CA cert itself. The existing bits below only create for the leaf certs, next layer down.
+ #
+ # First test will be just adding OCSP for the Signer cert. Presumably we could use the CA cert
+ # to sign that.
+
# create OCSP reqs & resps
CADIR=$idir/CA
+
#give ourselves an OSCP key to work with
pk12util -o $CADIR/OCSP.p12 -n 'OCSP Signer rsa' -d $CADIR -K password -W password
openssl pkcs12 -in $CADIR/OCSP.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/OCSP.key
@@ -77,12 +92,17 @@ do
pk12util -o $CADIR/Signer.p12 -n 'Signing Cert rsa' -d $CADIR -K password -W password
openssl pkcs12 -in $CADIR/Signer.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/Signer.key
+ # ditto for CA
+ # - the "-n names" here appear to be hardcoded in clica
+ pk12util -o $CADIR/CA.p12 -n 'Certificate Authority rsa' -d $CADIR -K password -W password
+ openssl pkcs12 -in $CADIR/CA.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/CA.key
+
# create some index files for the ocsp responder to work with
-# tab-sep
+# tab-sep, and fields can be empty
# 0: Revoked/Expired/Valid letter
# 1: Expiry date (ASN1_UTCTIME)
# 2: Revocation date
-# 3: Serial no. (unique)
+# 3: Serial no. (unique, in hex)
# 4: file
# 5: DN, index
@@ -93,6 +113,8 @@ V 130110200751Z 67 unknown CN=expired1.$iname
V 130110200751Z c9 unknown CN=server2.$iname
V 130110200751Z ca unknown CN=revoked2.$iname
V 130110200751Z cb unknown CN=expired2.$iname
+V 130110200751Z 42 unknown CN=clica Signing Cert rsa
+V 130110200751Z 41 unknown CN=clica CA rsa
EOF
cat >$CADIR/index.revoked.txt <<EOF
R 130110200751Z 100201142709Z,superseded 65 unknown CN=server1.$iname
@@ -101,9 +123,10 @@ R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.$iname
R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.$iname
R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.$iname
R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.$iname
+R 130110200751Z 100201142709Z,superseded 42 unknown CN=clica Signing Cert rsa
EOF
- # Now create all the ocsp requests and responses
+ # Now create all the ocsp requests and responses for the leaf certs
IVALID="-index $CADIR/index.valid.txt"
IREVOKED="-index $CADIR/index.revoked.txt"
@@ -116,6 +139,8 @@ EOF
openssl ocsp -issuer $CADIR/Signer.pem -sha256 -cert $SPFX.pem -no_nonce -reqout $SPFX.ocsp.req
REQIN="-reqin $SPFX.ocsp.req"
+ # These ones get used by the "traditional" testcases. OCSP resp signed by a cert which is
+ # signed by the signer of the leaf-cert being attested to.
OGENCOMMON="-rsigner $CADIR/OCSP.pem -rkey $CADIR/OCSP.key -CA $CADIR/Signer.pem -noverify"
openssl ocsp $IVALID $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.good.resp
openssl ocsp $IVALID $OGENCOMMON -ndays 30 $REQIN -respout $SPFX.ocsp.dated.resp
@@ -126,11 +151,40 @@ EOF
openssl ocsp $IVALID $OGENCOMMON -ndays 30 $REQIN -respout $SPFX.ocsp.signer.dated.resp
openssl ocsp $IREVOKED $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.signer.revoked.resp
+ # These ones get used by the "LetsEncrypt mode" testcases. OCSP resp is signed directly by the
+ # signer of the leaf-cert being attested to.
OGENCOMMON="-rsigner $CADIR/Signer.pem -rkey $CADIR/Signer.key -CA $CADIR/Signer.pem -resp_no_certs -noverify"
openssl ocsp $IVALID $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.signernocert.good.resp
openssl ocsp $IVALID $OGENCOMMON -ndays 30 $REQIN -respout $SPFX.ocsp.signernocert.dated.resp
openssl ocsp $IREVOKED $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.signernocert.revoked.resp
done
+
+ # convert one good leaf-resp to PEM
+ $server=server1
+ RESP=$idir/$server.$iname/$server.$iname.ocsp.signernocert.good.resp
+ ocsptool -S $RESP -j > $RESP.pem
+
+ # Then, ocsp request and responses for the signer cert
+ REQ=$CADIR/Signer.ocsp.req
+ RESP=$CADIR/Signer.ocsp.signernocert.good.resp
+ openssl ocsp -issuer $CADIR/CA.pem -sha256 -cert $CADIR/Signer.pem -no_nonce -reqout $REQ
+ openssl ocsp $IVALID -rsigner $CADIR/CA.pem -rkey $CADIR/CA.key -CA $CADIR/CA.pem -resp_no_certs -noverify \
+ -ndays 3652 -reqin $REQ -respout $RESP
+ ocsptool -S $RESP -j > $RESP.pem
+
+ RESP=$CADIR/Signer.ocsp.signernocert.revoked.resp
+ openssl ocsp $IREVOKED -rsigner $CADIR/CA.pem -rkey $CADIR/CA.key -CA $CADIR/CA.pem -resp_no_certs -noverify \
+ -ndays 3652 -reqin $REQ -respout $RESP
+ ocsptool -S $RESP -j > $RESP.pem
+
+ # Then, ocsp request and response for the CA cert
+ REQ=$CADIR/CA.ocsp.req
+ RESP=$CADIR/CA.ocsp.signernocert.good.resp
+ openssl ocsp -issuer $CADIR/CA.pem -sha256 -cert $CADIR/CA.pem -no_nonce -reqout $REQ
+ openssl ocsp $IVALID -rsigner $CADIR/CA.pem -rkey $CADIR/CA.key -CA $CADIR/CA.pem -resp_no_certs -noverify \
+ -ndays 3652 -reqin $REQ -respout $RESP
+ ocsptool -S $RESP -j > $RESP.pem
+
####
done
diff --git a/test/aux-var-src/tls_conf_prefix b/test/aux-var-src/tls_conf_prefix
index 1c464f6..ad9501e 100644
--- a/test/aux-var-src/tls_conf_prefix
+++ b/test/aux-var-src/tls_conf_prefix
@@ -1,4 +1,4 @@
-keep_environment = PATH:SSLKEYLOGFILE
+keep_environment = PATH:SSLKEYLOGFILE:EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK
exim_path = EXIM_PATH
host_lookup_order = bydns
spool_directory = DIR/spool
diff --git a/test/confs/5653 b/test/confs/5655
similarity index 55%
rename from test/confs/5653
rename to test/confs/5655
index 5b29f5b..0f6fe1b 100644
--- a/test/confs/5653
+++ b/test/confs/5655
@@ -1,5 +1,5 @@
-# Exim test configuration 5652
-# OCSP stapling, server, multiple certs
+# Exim test configuration 5655
+# OCSP stapling, server, multiple chain-element OCSP
.include DIR/aux-var/tls_conf_prefix
@@ -7,6 +7,7 @@ primary_hostname = server1.example.com
# ----- Main settings -----
+acl_smtp_connect = accept logwrite = ${env {SSLKEYLOGFILE}}
acl_smtp_mail = check_mail
acl_smtp_rcpt = check_recipient
@@ -21,15 +22,23 @@ CADIR = DIR/aux-fixed/exim-ca
DRSA = CADIR/example.com
DECDSA = CADIR/example_ec.com
-tls_certificate = DRSA/server1.example.com/server1.example.com.pem \
+tls_certificate = DRSA/server1.example.com/fullchain.pem \
: DECDSA/server1.example_ec.com/server1.example_ec.com.pem
tls_privatekey = DRSA/server1.example.com/server1.example.com.unlocked.key \
: DECDSA/server1.example_ec.com/server1.example_ec.com.unlocked.key
-tls_ocsp_file = DRSA/server1.example.com/server1.example.com.ocsp.good.resp \
- : DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp
+.ifndef CONTROL
+tls_ocsp_file = PEM DIR/tmp/ocsp/triple.ocsp.pem \
+ : DER DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp
+.else
+tls_ocsp_file = PEM DIR/tmp/ocsp/double_r.ocsp.pem \
+ : DER DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp
+.endif
-tls_require_ciphers = NORMAL:!VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.0
+
+.ifdef _HAVE_GNUTLS
+tls_require_ciphers = ${if eq {LIMIT}{TLS1.2} {NORMAL:!VERS-ALL:+VERS-TLS1.2} {}}
+.endif
# ------ ACL ------
@@ -70,9 +79,22 @@ remote_delivery:
driver = smtp
port = PORT_D
hosts_require_tls = *
- tls_require_ciphers = OPT
+.ifdef _HAVE_GNUTLS
+
+ tls_require_ciphers = ${if eq {LIMIT}{TLS1.2} \
+ {NONE:\
+ ${if eq {OPT}{rsa} \
+ {+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA} \
+ {+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+KX-ALL}}\
+ :+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509} \
+ {}}
+ tls_verify_certificates = CADIR/\
+ ${if eq {OPT}{rsa} \
+ {example.com/server1.example.com} \
+ {example_ec.com/server1.example_ec.com}}\
+ /ca_chain.pem
+.endif
hosts_require_ocsp = *
- tls_verify_certificates = CERT
tls_verify_cert_hostnames = :
local_delivery:
diff --git a/test/log/5653 b/test/log/5653
deleted file mode 100644
index 82d2e7a..0000000
--- a/test/log/5653
+++ /dev/null
@@ -1,9 +0,0 @@
-1999-03-02 09:44:33 1: Server sends good staple on request, to client requiring RSA auth
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => rsa.auth@??? R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-
-******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified)
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@???
diff --git a/test/log/5655 b/test/log/5655
new file mode 100644
index 0000000..4cb16c2
--- /dev/null
+++ b/test/log/5655
@@ -0,0 +1,27 @@
+1999-03-02 09:44:33 1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 => rsa.auth@??? R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => rsa.auth@??? R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 3: TLS1.3 Server sends bad nonleaf staple, client detects it
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbB-0005vi-00 == rsa.auth@??? R=client T=remote_delivery defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed)
+1999-03-02 09:44:33 10HmbB-0005vi-00 ** rsa.auth@???: retry timeout exceeded
+1999-03-02 09:44:33 10HmbB-0005vi-00 rsa.auth@???: error ignored
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33
+1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified)
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@???
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33
+1999-03-02 09:44:33 acl_mail: ocsp in status: 1 (notresp)
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33
+1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): The TLS connection was non-properly terminated.
diff --git a/test/scripts/5655-OCSP-GnuTLS-1.3/5655 b/test/scripts/5655-OCSP-GnuTLS-1.3/5655
new file mode 100644
index 0000000..25ebdfd
--- /dev/null
+++ b/test/scripts/5655-OCSP-GnuTLS-1.3/5655
@@ -0,0 +1,59 @@
+# OCSP stapling, server, multiple chain-element OCSP
+#
+#
+#
+mkdir -p DIR/tmp/ocsp
+sudo chown -R EXIMUSER:EXIMGROUP tmp
+sudo chmod -R a+rwx DIR/tmp/ocsp
+perl
+chdir 'aux-fixed/exim-ca/example.com';
+system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.good.resp.pem CA/CA.ocsp.signernocert.good.resp.pem > DIR/tmp/ocsp/triple.ocsp.pem';
+system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.revoked.resp.pem > DIR/tmp/ocsp/double_r.ocsp.pem';
+****
+#
+#
+exim -z '1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth'
+****
+#
+exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.2
+****
+#
+exim -odf -DOPT=rsa -DLIMIT=TLS1.2 rsa.auth@???
+Subject: test
+
+.
+****
+killdaemon
+#
+#
+exim -z '2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth'
+****
+#
+exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3
+****
+exim -odf -DOPT=rsa rsa.auth@???
+Subject: test
+
+.
+****
+killdaemon
+#
+#
+#
+exim -z '3: TLS1.3 Server sends bad nonleaf staple, client detects it'
+****
+#
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 -DCONTROL=bad
+****
+exim -odf -DOPT=rsa rsa.auth@???
+Subject: test
+
+.
+****
+killdaemon
+#
+#
+#
+#
+sudo rm -fr tmp/
+no_msglog_check
diff --git a/test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES b/test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES
new file mode 100644
index 0000000..ab5a972
--- /dev/null
+++ b/test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES
@@ -0,0 +1,4 @@
+support GnuTLS
+support OCSP
+running IPv4
+feature _HAVE_TLS1_3
