[Swan-dev] commit 9bc2e4e7f61 broke self-signed certs
Andrew Cagney
andrew.cagney at gmail.com
Thu Nov 14 15:49:58 UTC 2019
I've sent a question to the NSS list. It seems that
CERT_PKIXVerifyCert() consideres a cert already in the NSS DB to be
implicitly valid.
On Tue, 12 Nov 2019 at 22:42, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
> On Tue, 12 Nov 2019 at 21:01, Paul Wouters <paul at nohats.ca> wrote:
> >
> > On Tue, 12 Nov 2019, Andrew Cagney wrote:
> >
> > > as in ...
> > >
> > > conn westnet-eastnet-x509
> > > ikev2=no
> > > also=westnet
> > > also=eastnet
> > > left=192.1.2.45
> > > leftcert=west
> > > leftid=%fromcert
> > > right=192.1.2.23
> > > rightid=%fromcert
> > > rightcert=east
> >
> > Yes.
> >
> > >> I still think this check should go away.
> > >
> > > After checking that there are root certs, the code:
> > >
> > > - creates a list of certs sent over the wire
> > > - feeds this untrusted list + the root into CERT_PKIXVerifyCert() with:
> > >
> > > {
> > > .type = cert_pi_trustAnchors,
> > > .value = { .pointer = { .chain = trustcl } }
> > > },
> > > {
> > > .type = cert_pi_useOnlyTrustAnchors,
> > > .value = { .scalar = { .b = PR_TRUE } }
> > > },
> > >
> > > so if there's no root, or the only root is wrong, how can this pass?
> > > See lib/certdb/certt.h
> >
> > Looking at the logs of x509-pluto-05, the code never calls
> > verify_end_cert(). I made an ikev2 version of this test,
> > ikev2-x509-pluto-05 and it too never calls verify_end_cert()
> >
> > It does call find_and_verify_certs() which calls get_root_certs()
>
> Right. If there's no root cert, find_and_verify_certs() tosses the
> cert payload and then both returns NULL and clears BAD. Since BAD is
> clear the code doesn't treat this as fatal and stumbles on finally
> using eastcert=east to select and use the local cert.
>
> If the message:
>
> 003 "westnet-eastnet-x509" #1: Authenticated using RSA with SHA-1
>
> also include the cert used to authenticate this would be clearer.
>
> > Changing west to use the cert "road" properly fails:
> >
> > loading root certificate cache
> > "westnet-eastnet-x509" #1: No Certificate Authority in NSS Certificate DB! Certificate payloads discarded.
> > "westnet-eastnet-x509" #1: certificate subjectAltName extension does not match ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org'
> > "westnet-eastnet-x509" #1: Peer ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road at testing.libreswan.org' mismatched on first found connection and no better connection found
> > "westnet-eastnet-x509" #1: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification AUTHENTICATION_FAILED
> >
> > Paul
More information about the Swan-dev
mailing list