[Swan-dev] commit 9bc2e4e7f61 broke self-signed certs

Wed Nov 13 03:42:35 UTC 2019

On Tue, 12 Nov 2019 at 21:01, Paul Wouters <paul at nohats.ca> wrote:
>
> On Tue, 12 Nov 2019, Andrew Cagney wrote:
>
> > as in ...
> >
> > conn westnet-eastnet-x509
> >        ikev2=no
> >        also=westnet
> >        also=eastnet
> >        left=192.1.2.45
> >        leftcert=west
> >        leftid=%fromcert
> >        right=192.1.2.23
> >        rightid=%fromcert
> >        rightcert=east
>
> Yes.
>
> >> I still think this check should go away.
> >
> > After checking that there are root certs, the code:
> >
> > - creates a list of certs sent over the wire
> > - feeds this untrusted list + the root into CERT_PKIXVerifyCert() with:
> >
> >        {
> >            .type = cert_pi_trustAnchors,
> >            .value = { .pointer = { .chain = trustcl } }
> >        },
> >        {
> >            .type = cert_pi_useOnlyTrustAnchors,
> >            .value = { .scalar = { .b = PR_TRUE } }
> >        },
> >
> > so if there's no root, or the only root is wrong, how can this pass?
> > See lib/certdb/certt.h
>
> Looking at the logs of x509-pluto-05, the code never calls
> verify_end_cert(). I made an ikev2 version of this test,
> ikev2-x509-pluto-05 and it too never calls verify_end_cert()
>
> It does call find_and_verify_certs() which calls get_root_certs()

Right.  If there's no root cert, find_and_verify_certs() tosses the
cert payload and then both returns NULL and clears BAD.  Since BAD is
clear the code doesn't treat this as fatal and stumbles on finally
using eastcert=east to select and use the local cert.

If the message:

 003 "westnet-eastnet-x509" #1: Authenticated using RSA with SHA-1

also include the cert used to authenticate this would be clearer.

> Changing west to use the cert "road" properly fails:
>
> loading root certificate cache
> "westnet-eastnet-x509" #1: No Certificate Authority in NSS Certificate DB! Certificate payloads discarded.
> "westnet-eastnet-x509" #1: certificate subjectAltName extension does not match ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org'
> "westnet-eastnet-x509" #1: Peer ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road at testing.libreswan.org' mismatched on first found connection and no better connection found
> "westnet-eastnet-x509" #1: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification AUTHENTICATION_FAILED
>
> Paul