Re: [TLS] Certificate handshake message - common config problems

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 29 January 2010 22:32 UTC

On 01/29/2010 01:13 PM, Martin Rex wrote:
> I know little about apache&OpenSSL (never installed or operated
> one myself), but IIRC, there are two separate files, one with
> the EndEntity cert and one with the CertificateChain.
> It appears that all of the certificates from the Chain file will
> be blindly appended to the EndEntity cert when the certificate_list
> for the Certificate handshake message is composed. 

The docs for mod_ssl are pretty clear that the SSLCertificateChainFile
need not be used if the relevant certificates for the intermediate and
root CAs are already found in SSLCaCertificatePath, in which case it
appears that OpenSSL builds the chain automatically (and presumably
correctly):

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile

Unfortunately, they also don't explicitly state that the certificates
*must* be properly ordered to be RFC-compliant.  In fact, they only say
"usually in certificate chain order".  This is probably a bug in mod_ssl
(at least in its documentation).  They should check and warn if the
provided CertificateChainFile does not form a proper chain.

> To easily see the cause of the problem, you need either Wireshark
> or an SSL implementation that can visualize what it _receives_!
> MSIE is fairly useless for this purpose, because it does _not_
> show you what it receives.  If anything, it shows
> what it _validates_, which is something entirely different.
> This becomes apparent in situations like this (duplicated cert
> in the chain), incorrectly ordered certs, or _missing_ certs
> in the chain if there's AIA information included.

I think you want:

 openssl s_client -connect $HOST:$PORT -showcerts

hth,

	--dkg
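
Added example (not part of the original message, and not mod_ssl or OpenSSL code): a check of the kind suggested above, applied to the subject (`s:`) and issuer (`i:`) lines that `openssl s_client -showcerts` prints for each certificate the server sent. It compares names only and verifies no signatures; the sample chain and its host and CA names are constructed.

```python
import re
import sys

# " 0 s:<subject>" and "   i:<issuer>" lines from `openssl s_client -showcerts`
SUBJECT = re.compile(r"^\s*\d+\s+s:\s*(.*\S)\s*$")
ISSUER = re.compile(r"^\s*i:\s*(.*\S)\s*$")

# Constructed sample: duplicated leaf, root sent before the intermediate.
SAMPLE_BAD = """\
Certificate chain
 0 s:/CN=www.example.test
   i:/CN=Example Intermediate CA
 1 s:/CN=www.example.test
   i:/CN=Example Intermediate CA
 2 s:/CN=Example Root CA
   i:/CN=Example Root CA
 3 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        if m := SUBJECT.match(line):
            subject = m.group(1)
        elif (m := ISSUER.match(line)) and subject is not None:
            chain.append((subject, m.group(1)))
            subject = None
    return chain

def check_order(chain):
    """Warn where a certificate is not followed by the one that issued it."""
    if not chain:
        return ["no certificates parsed"]
    warnings, seen = [], set()
    for n, (subject, issuer) in enumerate(chain):
        if (subject, issuer) in seen:
            warnings.append(f"cert {n}: repeats an earlier certificate's names")
        seen.add((subject, issuer))
        if n + 1 < len(chain) and chain[n + 1][0] != issuer:
            warnings.append(f"cert {n + 1}: subject is not the issuer of cert {n}")
    return warnings

if __name__ == "__main__":
    # Piped s_client output is checked; otherwise the constructed sample.
    text = SAMPLE_BAD if sys.stdin.isatty() else sys.stdin.read()
    problems = check_order(parse_chain(text))
    print("\n".join(problems) or "chain order OK")
    sys.exit(1 if problems else 0)
```

To check a live server, pipe the output of the `openssl s_client` command above into the script; it exits non-zero when it finds an ordering problem.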