Re: [exim] DANE vs unknown CA

Góra strony
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
Dla: exim-users
Temat: Re: [exim] DANE vs unknown CA
On Sun, May 02, 2021 at 09:13:55PM +0200, Heiko Schlittermann via Exim-users wrote:

> this is especially for Victor. I'm out of ideas.
>
>     Dane verify_cert verify_callback_client_dane: BAD depth 1
>     /C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2 - err 20
>     'unable to get local issuer certificate' SSL3 alert
>     write:fatal:unknown CA


Do connections to my domain work (also DANE 3 1 1, be it with an LE
cert).

>     LOG: MAIN
>       DANE attempt failed; TLS connection to serv02.atvirtual.eu
>       [185.206.180.72]: (SSL_connect): error:1416F086:SSL
>       routines:tls_process_server_certificate:certificate verify
>       failed


With Postfix, I get:

    # posttls-finger -c "[serv02.atvirtual.eu]"
    posttls-finger: serv02.atvirtual.eu[2a0b:1640:1:1:1:1:179:ba44]:25: Matched DANE EE certificate at depth 0: 3 1 1 7E95E999DA41CDD250EB3F97C397BFDB087AEAB914EDBDF1B5B6C49457923048
    posttls-finger: serv02.atvirtual.eu[2a0b:1640:1:1:1:1:179:ba44]:25: subject_CN=serv02.atvirtual.eu, issuer_CN=AlphaSSL CA - SHA256 - G2, fingerprint=70:4C:CF:00:75:BF:47:BB:D4:C7:D1:B4:E6:63:2B:52:E0:40:97:4F:3E:F1:18:C5:F7:D6:B3:E6:43:25:6C:69, pkey_fingerprint=7E:95:E9:99:DA:41:CD:D2:50:EB:3F:97:C3:97:BF:DB:08:7A:EA:B9:14:ED:BD:F1:B5:B6:C4:94:57:92:30:48
    posttls-finger: Verified TLS connection established to serv02.atvirtual.eu[2a0b:1640:1:1:1:1:179:ba44]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)


I have: openssl-1.1.1k

However, Postfix no longer uses my danessl library, as of Postfix 3.6
(which I'm running), it uses the DANE code in OpenSSL 1.1.x. So there
are a few differences here...

But I still have some Perl code lying around that uses that library and
it worked against the host in question:

    serv02.atvirtual.eu. IN MX 0 serv02.atvirtual.eu.
    serv02.atvirtual.eu. IN A 185.206.180.72
    serv02.atvirtual.eu. IN AAAA 2a0b:1640:1:1:1:1:179:ba44
    _25._tcp.serv02.atvirtual.eu. IN TLSA 3 1 1 7e95e999da41cdd250eb3f97c397bfdb087aeab914edbdf1b5b6c49457923048
    ;; SSL: protocol = TLSv1.2, cipher = ECDHE-RSA-AES128-GCM-SHA256 (128 bits)
    ;; Passed(depth 0): serv02.atvirtual.eu. IN TLSA 3 1 1 7e95e999da41cdd250eb3f97c397bfdb087aeab914edbdf1b5b6c49457923048


as did posttls-finger from Postfix 3.5 (in-situ build in the source
tree):

    $ LD_LIBRARY_PATH=$PWD/lib ./bin/posttls-finger -o compatibility_level=3 -c '[serv02.atvirtual.eu]'
    posttls-finger: using DANE RR: _25._tcp.serv02.atvirtual.eu IN TLSA 3 1 1 7E:95:E9:99:DA:41:CD:D2:50:EB:3F:97:C3:97:BF:DB:08:7A:EA:B9:14:ED:BD:F1:B5:B6:C4:94:57:92:30:48
    posttls-finger: serv02.atvirtual.eu[185.206.180.72]:25: depth=0 matched end entity public-key sha256 digest=7E:95:E9:99:DA:41:CD:D2:50:EB:3F:97:C3:97:BF:DB:08:7A:EA:B9:14:ED:BD:F1:B5:B6:C4:94:57:92:30:48
    posttls-finger: serv02.atvirtual.eu[185.206.180.72]:25: Matched subjectAltName: serv02.atvirtual.eu
    posttls-finger: serv02.atvirtual.eu[185.206.180.72]:25 CommonName serv02.atvirtual.eu
    posttls-finger: serv02.atvirtual.eu[185.206.180.72]:25: subject_CN=serv02.atvirtual.eu, issuer_CN=AlphaSSL CA - SHA256 - G2, fingerprint=22:72:97:BE:67:C7:33:89:8B:F8:95:02:2F:41:5F:C2:25:73:0B:8C, pkey_fingerprint=9E:6C:44:E3:C9:52:B7:F4:FA:37:D2:0D:47:31:46:38:CC:C2:D6:3A
    posttls-finger: Verified TLS connection established to serv02.atvirtual.eu[185.206.180.72]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)


> The Exim 4.94.2 producing this uses openssl 1.1.1j With older Exim
> 4.92.3 it works (openssl 1.1.0i)


That's interesting, can you try 1.1.1k?

> Any idea? For what I understand about DANE, it shouldn't care about
> the CA cert, should it? (The TLSA record uses 3 1 1)


Correct, the "3 1 1" record should be dispositive, and with a matching
"3 1 1" there should not even be a call to the OpenSSL chain building
code, the "chain" should consist of just the leaf cert.

-- 
    Viktor.