| Author |
Message |
|
| Guest |
 Posted: Thu Dec 14, 2006 4:52 pm |
 |
|
|
Guest
|
Jaco Kroon (of TLUG in South Africa) and I have been looking into
ejabberd's support for intermediate certification authorities, such
as the one we just launched at https://www.xmpp.net/
Unfortunately, it seems that ejabberd does not correctly present the
full certificate chain using the new intermediate CA. For example,
run this command:
openssl s_client -connect jabber.org:5223
or
openssl s_client -connect jabber.org:5223 -CAfile /path/to/ca.crt
... where ca.cert is the StartCom root certificate:
http://cert.startcom.org/ca.crt
You will receive an error because ejabberd is not presenting the entire
certificate chain. SSL-aware Jabber clients will also show an error and
refuse to connect.
Jaco is running ejabberd 1.1.2 and jabber.org is running 1.1.1, both
versions seem to display this behavior.
Philipp Hancke of the PSYC project told me that you can probably solve
this problem by using SSL_CTX_use_certificate_chain_file instead of
SSL_use_certificate_file when calling OpenSSL. YMMV.
Thanks!
Peter
--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
_______________________________________________
ejabberd mailing list
ejabberd@jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Thu Dec 14, 2006 5:12 pm |
|
|
|
Guest
|
Thursday 14 December 2006 17:52 skrev Peter Saint-Andre:
> Philipp Hancke of the PSYC project told me that you can probably solve
> this problem by using SSL_CTX_use_certificate_chain_file instead of
> SSL_use_certificate_file when calling OpenSSL.
Apparently it is not quite as easy. It was attempted about 18 months ago and
documented at <http://www.jabber.ru/bugzilla/show_bug.cgi?id=46>.
/Albert
_______________________________________________
ejabberd mailing list
ejabberd@jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Thu Dec 14, 2006 8:39 pm |
|
|
|
Guest
|
Albert Holm said the following on 12/14/06 12:11 PM:
> Thursday 14 December 2006 17:52 skrev Peter Saint-Andre:
>> Philipp Hancke of the PSYC project told me that you can probably solve
>> this problem by using SSL_CTX_use_certificate_chain_file instead of
>> SSL_use_certificate_file when calling OpenSSL.
>
> Apparently it is not quite as easy. It was attempted about 18 months ago and
> documented at <http://www.jabber.ru/bugzilla/show_bug.cgi?id=46>.
>
Oh geesh. Is that it? Well I'll get my linux box fired up and test this
patch. That second error they get implies someone is trying to talk to
an ssl port in plain text. Now reading my OpenSSL Oreilly book, the
auther claims that you must have the entire chain in the file. This
doesn't seem right, but it could be from the way it was presented to me.
The server software must pass the whole chain except the root. So
perhaps openssl is just verifying a root exists or something.
--
Jonathan
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Fri Dec 15, 2006 1:51 pm |
|
|
|
Guest
|
Jonathan Siegle said the following on 12/14/06 3:39 PM:
> Albert Holm said the following on 12/14/06 12:11 PM:
>> Thursday 14 December 2006 17:52 skrev Peter Saint-Andre:
>>> Philipp Hancke of the PSYC project told me that you can probably solve
>>> this problem by using SSL_CTX_use_certificate_chain_file instead of
>>> SSL_use_certificate_file when calling OpenSSL.
>>
>> Apparently it is not quite as easy. It was attempted about 18 months
>> ago and documented at <http://www.jabber.ru/bugzilla/show_bug.cgi?id=46>.
>>
> Oh geesh. Is that it? Well I'll get my linux box fired up and test this
> patch. That second error they get implies someone is trying to talk to
> an ssl port in plain text. Now reading my OpenSSL Oreilly book, the
> auther claims that you must have the entire chain in the file. This
> doesn't seem right, but it could be from the way it was presented to me.
> The server software must pass the whole chain except the root. So
> perhaps openssl is just verifying a root exists or something.
>
Notes:
I grabbed the latest SVN this morning. I applied the patch. I put the
entire chain(root/ica/cert/key) into the certfile. I then ran the
following command:
$ openssl s_client -CAfile usherchain -connect lexicon.aset.psu.edu:5223
CONNECTED(00000005)
depth=2 /C=US/O=US Higher Education Root/OU=CA1/CN=USHER CA1 v1
verify return:1
depth=1 /C=US/ST=Pennsylvania/L=University Park/O=The Pennsylvania State
Univers
ity/OU=Information Technology Services/CN=SASL-CA
verify return:1
depth=0 /CN=lexicon.aset.psu.edu
verify return:1
---
Certificate chain
0 s:/CN=lexicon.aset.psu.edu
i:/C=US/ST=Pennsylvania/L=University Park/O=The Pennsylvania State
University
/OU=Information Technology Services/CN=SASL-CA
1 s:/C=US/ST=Pennsylvania/L=University Park/O=The Pennsylvania State
University
/OU=Information Technology Services/CN=SASL-CA
i:/C=US/O=US Higher Education Root/OU=CA1/CN=USHER CA1 v1
2 s:/C=US/O=US Higher Education Root/OU=CA1/CN=USHER CA1 v1
i:/C=US/O=US Higher Education Root/OU=CA1/CN=USHER CA1 v1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDBzCCAe+gAwIBAgIQHuQflow6Edur0QARJZwwgjANBgkqhkiG9w0BAQUFADCB
pjELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTEYMBYGA1UEBxMP
VW5pdmVyc2l0eSBQYXJrMSowKAYDVQQKEyFUaGUgUGVubnN5bHZhbmlhIFN0YXRl
IFVuaXZlcnNpdHkxKDAmBgNVBAsTH0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgU2Vy
dmljZXMxEDAOBgNVBAMTB1NBU0wtQ0EwHhcNMDYxMjE1MTI0MDE5WhcNMDcxMjE1
MTI0MDE5WjAfMR0wGwYDVQQDExRsZXhpY29uLmFzZXQucHN1LmVkdTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAlBaPO4E9RGBpkbeadc19GKrHhxn3QT2ynZIk
6KgAtOCw0jiBnrtLeWHe+OM5K9vELzMrXThCuVNu8U3RpxtoMhgdvGZ/Nvp2UTMP
NMxhBN+zLFO0hgfUZyLoE715olynMXiZTRNDCKePyMyiUlTr0j/6CLAwOR1LyPOS
LFs+xx8CAwEAAaM7MDkwDwYDVR0TAQH/BAUwAwEBADAOBgNVHQ8BAf8EBAMCALAw
FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADggEBAGwa1Quk
5e6VHcDHlnm4o2crCoT7jtdhh253TAwtpx/3cyZLY5nhTC9DPejFA5Ne6nhnb0Rn
hRPzKY/hhyPVYPqwyXlWWfye1K4saXkQh1VogipRuQ4z6w+moOaZm/XuFjTSDEU3
HFHH+lSN/WSyYr76FAEFqjXc/cGG8bJm5jk264ljaHNl8XtT5ANyY0es+5Wzk99B
dbszXxjJdh2d2KZmiFEk/eKNg6/+79GbC9wQc0MkApUHxl/uggpOlN14MvbWkbut
fGXkstvLxbsgbRY/rIk1lYm/EmPSwNoVgLFcpCTYuJ4dIBp0vFpOXwG4LB9KRlAN
DAPC/nEbsSF3RI8=
-----END CERTIFICATE-----
subject=/CN=lexicon.aset.psu.edu
issuer=/C=US/ST=Pennsylvania/L=University Park/O=The Pennsylvania State
Universi
ty/OU=Information Technology Services/CN=SASL-CA
---
No client certificate CA names sent
---
SSL handshake has read 3435 bytes and written 328 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
DFF7C6554FC96A49BA94A25A452479CD3B6D15A832CE95ADDA652F6B1001DE59
Session-ID-ctx:
Master-Key:
975C8E745721E446214C79D0230326C013AD38435A25F36D77916712B5DA9DF7
DA010B3E13C917E1CB7D26CCABC773D9
Key-Arg : None
Start Time: 1166190558
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Is it ready for production? I don't know. I'm going to let it run for a
week and try to do normal operations to it and see if I can get some errors.
-Jonathan
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Tue Dec 19, 2006 5:22 pm |
|
|
|
Guest
|
|
| Back to top |
|
| Guest |
| Posted: Tue Dec 19, 2006 6:39 pm |
|
|
|
Guest
|
Hi,
Sorry about breaking anybodies threads, I only just subscribed and thus
cannot respond directly to the message at
http://lists.jabber.ru/pipermail/ejabberd/2006-December/002373.html
SSL/TLS is actually a relatively basic protocol. It relies on "chains" of
authority, and the certificates that are being issued are third-level
certificates. The only certificate that should be installed on the client
is the root ca certicate, or the first level certificate. As such only
the root CA cert should be in the file passed to -CAfile, not the entire
chain or OpenSSL will treat all those files as first-level CAs. Whilst
this does no harm it is impossible to expect everybody to install every
possible second or even third (and I've seen depths of 6) level CA
certificate. There are simply too many.
So instead the SSL/TLS server, as mentioned in the previous post, needs to
provide all but the root CA certificate (optionally it may also provide
that certificate, this much is made explicit in the RFC, and the oreilly
book has it correct).
So permitting the only certificate in the file usherchain was the root CA
file then the given s_client session in the previous post is correct. The
patch looks good, except I'd recommend to also update the error message
just beneath the changed line to also reflect the function call change.
It should be noted that use_certificate_chain_file _REQUIRES_ that the
file be in PEM format (The way in which ejabberd was using it already made
this assumption so this won't be a problem), it is also possible to encode
the entire chain using DER format, however I'm not sure how one would go
about loading that into OpenSSL (I suspect one may need to use
use_certificate_file again - the DER encoding indicates whether a single
certificate is contained or whether there are multiple certificates).
Just applied to tlug.up.ac.za and the patch does indeed function
correctly, by simply appending the intermediate certificate to the file
the entire chain is properly passed to the client.
Jaco
_______________________________________________
ejabberd mailing list
ejabberd@jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Wed Dec 20, 2006 10:18 am |
|
|
|
Guest
|
|
| Back to top |
|
| Guest |
| Posted: Wed Dec 20, 2006 12:04 pm |
|
|
|
Guest
|
Jaco Kroon wrote:
> Hi,
>
>
> So permitting the only certificate in the file usherchain was the root CA
> file then the given s_client session in the previous post is correct. The
> patch looks good, except I'd recommend to also update the error message
> just beneath the changed line to also reflect the function call change.
>
Hi Jaco,
For completeness I should have displayed that file. Yes it only has the
root.
> $ cat usherchain
> -----BEGIN CERTIFICATE-----
> MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEh
> MB8GA1UEChMYVVMgSGlnaGVyIEVkdWNhdGlvbiBSb290MQwwCgYDVQQLEwNDQTEx
> FTATBgNVBAMTDFVTSEVSIENBMSB2MTAeFw0wNjA0MTkxNzUwMzJaFw0yNjA0MTkx
> NzUwMzJaMFUxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhVUyBIaWdoZXIgRWR1Y2F0
> aW9uIFJvb3QxDDAKBgNVBAsTA0NBMTEVMBMGA1UEAxMMVVNIRVIgQ0ExIHYxMIIB
> IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyiTe98iSAaXIK5Rk8CBP57g
> 8f1fwg8tnVSrLVLrqWEJIQ/vLpSWwfUf0XM7ziH6rWWyraC3b6tnfwx4Rx+jwbNp
> f5CcV/r3QNYuDSx462wVYfUDsnxmLBJFJEGgeEXPNxfR6p7B4WElvv1lrPvVQdy+
> 17vDY6y8fTqbzt2/VM+DP1NgXXzHirP2zMOuhz1Y8+rgXBv6juDtd+BA+xg8Z/Mv
> vvo7GSxXG6lJTS9YVfsJaI2MgXHYbA9rUyAf9k7r56+fQYXHE26nYHDn/0ZufxXz
> oiXgVvfL78nrMYGqW18z+MHaGMfHsex+k3on85ID39rq+xBMsirtK5zR4UnoTQID
> AQABo4IBGDCCARQwHQYDVR0OBBYEFCadIurssA9rIQr22S8gymVQ7BvTMH0GA1Ud
> IwR2MHSAFCadIurssA9rIQr22S8gymVQ7BvToVmkVzBVMQswCQYDVQQGEwJVUzEh
> MB8GA1UEChMYVVMgSGlnaGVyIEVkdWNhdGlvbiBSb290MQwwCgYDVQQLEwNDQTEx
> FTATBgNVBAMTDFVTSEVSIENBMSB2MYIBATAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
> DwEB/wQEAwIBBjBTBgNVHSAETDBKMEgGCisGAQQBgcEWAgIwOjA4BggrBgEFBQcC
> ARYsaHR0cDovL3d3dy51c2hlcmNhLm9yZy9wcmFjdGljZXMvY2ExL2Nwcy5wZGYw
> DQYJKoZIhvcNAQEFBQADggEBAGd3CA4UTBa9oC+0ryQRK3wDeA5g10mMwzK8Fcyh
> XXmD4mnZh84fwusGeWqMQZ/JWlvJ3rf9v4yKsYaSM+AKf6aRDR4A4AarDzNUGjMq
> 3vY6Kc1Dup/UcWAokJweQllUfExjw7utM08czZqzdEqi/XMcLQcU1AjrdYm6pmWV
> pUKfKNgicX3Gy51skz8v11JGWtSONAkqZeuqDlPAZVTXCOqi1qUk4eK4DE3f8L+y
> GPEdqCGFwCfdB1Hc5aoSSB5t5UHb2LyEE6yBrcjKUUkuDEUfHup4QnV4X9shrPs5
> 8uS6y+JwlVwsGPw6vvAgiwMDQRAuyk43GoQUK1dwuciYmgk=
> -----END CERTIFICATE-----
> It should be noted that use_certificate_chain_file _REQUIRES_ that the
> file be in PEM format (The way in which ejabberd was using it already made
> this assumption so this won't be a problem), it is also possible to encode
> the entire chain using DER format, however I'm not sure how one would go
> about loading that into OpenSSL (I suspect one may need to use
> use_certificate_file again - the DER encoding indicates whether a single
> certificate is contained or whether there are multiple certificates).
>
What struck me as odd was that in the Oreilly OpenSSL book it says that
you must have the entire chain in the file you pass to
use_certificate_chain_file. It must do something to validate the chain
and then not send the root.
> Just applied to tlug.up.ac.za and the patch does indeed function
> correctly, by simply appending the intermediate certificate to the file
> the entire chain is properly passed to the client.
>
Good! Maybe I can roll this out on jabber.org soon.
> Jaco
> _______________________________________________
> ejabberd mailing list
> ejabberd@jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Wed Dec 20, 2006 12:42 pm |
|
|
|
Guest
|
> Jaco Kroon wrote:
>> Hi,
>>
>
>>
>> So permitting the only certificate in the file usherchain was the root
>> CA
>> file then the given s_client session in the previous post is correct.
>> The
>> patch looks good, except I'd recommend to also update the error message
>> just beneath the changed line to also reflect the function call change.
>>
>
> Hi Jaco,
> For completeness I should have displayed that file. Yes it only has the
> root.
Just had to double check.
>> It should be noted that use_certificate_chain_file _REQUIRES_ that the
>> file be in PEM format (The way in which ejabberd was using it already
>> made
>> this assumption so this won't be a problem), it is also possible to
>> encode
>> the entire chain using DER format, however I'm not sure how one would go
>> about loading that into OpenSSL (I suspect one may need to use
>> use_certificate_file again - the DER encoding indicates whether a single
>> certificate is contained or whether there are multiple certificates).
>>
>
> What struck me as odd was that in the Oreilly OpenSSL book it says that
> you must have the entire chain in the file you pass to
> use_certificate_chain_file. It must do something to validate the chain
> and then not send the root.
AFAIK OpenSSL doesn't actually do any verification of that chain, but I
have been wondering about it the last couple of days (even before digging
into this issue with ejabberd). The RFC dictates that the certificates
should be in-order in the ServerHello, with the first first certificate
being the entity certificate, followed by it's issuer and so forth upto
either the 2nd or 1st level CA. Thus I wonder whether OpenSSL does any
re-ordering required or not.
The reason for not requiring the 1st level CA is simply that the user
needs a copy of that cert in any case to decide whether it's trusted or
not, and it needs a full copy in order to verify that the public key does
indeed match the private key used to sign the self-signed CA cert. It can
locate this certificate based on the issuer name in the 2nd-level
certificate.
If OpenSSL does indeed perform some kind of verification it may well bomb
out then if only given a third or second level cert. The chain is
_ALWAYS_ terminated at the root with a self-signed certificate. So in
this case it would make sense that the full chain should be in the file.
This would also allow OpenSSL to re-order the chain.
This should be trivial to test, unfortunately I don't have an
"experimental" jabber server. So if someone with a set up experimental
box could please just take a 2nd/3rd level certificate without the full
chain and pass that to the new code it will either load the chain of one
certificate and present that, or it will bomb out. Then try adding one
extra cert at a time, each time only adding the issuer of the previously
added certificate. Then try with the chain re-ordered (need at least a
3rd level cert), as entity, root-ca, intermediate-ca. I'm betting that
everything except the re-ordered chain will work (albeit the connection
will give errors on a 3rd-level only certificate).
Jaco
_______________________________________________
ejabberd mailing list
ejabberd@jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Wed Dec 20, 2006 8:31 pm |
|
|
|
Guest
|
|
| Back to top |
|
| Guest |
| Posted: Wed Dec 20, 2006 8:31 pm |
|
|
|
Guest
|
|
| Back to top |
|
| Guest |
| Posted: Tue Jan 02, 2007 8:22 pm |
|
|
|
Guest
|
Jaco Kroon wrote:
>>Hello,
>>
>>Le 19 d |
|
|
| Back to top |
|
|
|
All times are GMT
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum
|
|
|
Digg It
Del.icio.us
Reddit
Facebook
Stumble Upon
Technorati
