From 4a1bd6b935ca5c5b70408a60036312d4825fd24e Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 5 May 2019 19:23:37 +0100 Subject: [PATCH] OpenSSL: better handling of $tls_{in,out}_certificate_verified under resumption --- doc/doc-txt/experimental-spec.txt | 7 ++++--- src/src/globals.h | 1 + src/src/tls-openssl.c | 27 +++++++++++++++++++++----- test/log/5891 | 32 +++++++++++++++---------------- 4 files changed, 43 insertions(+), 24 deletions(-) diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 211841f3f..aa7046e58 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -993,15 +993,16 @@ Observability: New log_selector "tls_resumption", appends an asterisk to the tls_cipher "X=" element. - Variables $tls_{in,out}_resumption have bit 0-4 indicating respectively + Variables $tls_{in,out}_resumption have bits 0-4 indicating respectively support built, client requested ticket, client offered session, server issued ticket, resume used. A suitable decode list is provided in the builtin macro _RESUME_DECODE for ${listextract {}{}}. Issues: In a resumed session: - $tls_{in,out}_certificate_verified will be unset (undler OpenSSL) - verify = certificate will be false (undler OpenSSL) + $tls_{in,out}_certificate_verified will be set, and verify = certificate + will be true, when verify failed but tls_try_verify_hosts allowed the + connection (under OpenSSL) $tls_{in,out}_cipher will have values different to the original (under GnuTLS) $tls_{in,out}_ocsp will be "not requested" or "no response" diff --git a/src/src/globals.h b/src/src/globals.h index 1aacaf7e6..e98ff7fe1 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -108,6 +108,7 @@ typedef struct { BOOL host_resumable:1; BOOL ticket_received:1; #endif + BOOL verify_override:1; /* certificate_verified only due to tls_try_verify_hosts */ } tls_support; extern tls_support tls_in; extern tls_support tls_out; diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 4b3847712..ee52b7caa 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -526,6 +526,7 @@ if (ev) } DEBUG(D_tls) debug_printf("Event-action verify failure overridden " "(host in tls_try_verify_hosts)\n"); + tlsp->verify_override = TRUE; } X509_free(tlsp->peercert); tlsp->peercert = old_cert; @@ -603,6 +604,7 @@ if (preverify_ok == 0) } DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in " "tls_try_verify_hosts)\n"); + tlsp->verify_override = TRUE; } else if (depth != 0) @@ -679,8 +681,9 @@ else tlsp->peercert = X509_dup(cert); /* record failing cert */ return 0; /* reject */ } - DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in " + DEBUG(D_tls) debug_printf("SSL verify name failure overridden (host in " "tls_try_verify_hosts)\n"); + tlsp->verify_override = TRUE; } } @@ -691,7 +694,6 @@ else DEBUG(D_tls) debug_printf("SSL%s verify ok: depth=0 SN=%s\n", *calledp ? "" : " authenticated", dn); - if (!*calledp) tlsp->certificate_verified = TRUE; *calledp = TRUE; } @@ -748,7 +750,7 @@ DEBUG(D_tls) debug_printf("verify_callback_client_dane: %s depth %d %s\n", if (preverify_ok == 1) { - tls_out.dane_verified = tls_out.certificate_verified = TRUE; + tls_out.dane_verified = TRUE; #ifndef DISABLE_OCSP if (client_static_cbinfo->u_ocsp.client.verify_store) { /* client, wanting stapling */ @@ -2153,8 +2155,23 @@ if (tlsp->peercert) { DEBUG(D_tls) debug_printf("X509_NAME_oneline() error\n"); } else { - peerdn[siz-1] = '\0'; - tlsp->peerdn = peerdn; /*XXX a static buffer... */ + int oldpool = store_pool; + + peerdn[siz-1] = '\0'; /* paranoia */ + store_pool = POOL_PERM; + tlsp->peerdn = string_copy(peerdn); + store_pool = oldpool; + + /* We used to set CV in the cert-verify callbacks (either plain or dane) + but they don't get called on session-resumption. So use the official + interface, which uses the resumed value. Unfortunately this claims verified + when it actually failed but we're in try-verify mode, due to us wanting the + knowlege that it failed so needing to have the callback and forcing a + permissive return. If we don't force it, the TLS startup is failed. + Hence the verify_override bodge - though still a problem for resumption. */ + + if (!tlsp->verify_override) + tlsp->certificate_verified = SSL_get_verify_result(ssl) == X509_V_OK; } } diff --git a/test/log/5891 b/test/log/5891 index 1070bee0c..6edba3c0a 100644 --- a/test/log/5891 +++ b/test/log/5891 @@ -13,7 +13,7 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption session resumed 1999-03-02 09:44:33 10HmaZ-0005vi-00 our cert subject 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK -1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified 0 +1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified 1 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp 1 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx @@ -26,31 +26,31 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp 1 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits 256 -1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" -1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex 1999-03-02 09:44:33 10HmbC-0005vi-00 tls_out_resumption session resumed 1999-03-02 09:44:33 10HmbC-0005vi-00 our cert subject 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK -1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified 0 +1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified 1 1999-03-02 09:44:33 10HmbC-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp 1 1999-03-02 09:44:33 10HmbC-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx 1999-03-02 09:44:33 10HmbC-0005vi-00 bits 256 -1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbD-0005vi-00" +1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbD-0005vi-00" 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 tls_out_resumption session resumed 1999-03-02 09:44:33 10HmbE-0005vi-00 our cert subject 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK -1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified 0 +1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified 1 1999-03-02 09:44:33 10HmbE-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp 1 1999-03-02 09:44:33 10HmbE-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx 1999-03-02 09:44:33 10HmbE-0005vi-00 bits 256 -1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbF-0005vi-00" +1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbF-0005vi-00" 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex 1999-03-02 09:44:33 10HmbG-0005vi-00 tls_out_resumption client offered session, server only provided new ticket @@ -89,7 +89,7 @@ 1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption session resumed 1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK -1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified 0 +1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified 1 1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp 1 1999-03-02 09:44:33 10HmbM-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx @@ -102,42 +102,42 @@ 1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp 1 1999-03-02 09:44:33 10HmbM-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx 1999-03-02 09:44:33 10HmbM-0005vi-00 bits 256 -1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00" -1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00" +1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00" +1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00" 1999-03-02 09:44:33 10HmbM-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbO-0005vi-00" 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed 1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex 1999-03-02 09:44:33 10HmbP-0005vi-00 tls_out_resumption session resumed, also new ticket 1999-03-02 09:44:33 10HmbP-0005vi-00 our cert subject 1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK -1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert verified 0 +1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert verified 1 1999-03-02 09:44:33 10HmbP-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmbP-0005vi-00 ocsp 1 1999-03-02 09:44:33 10HmbP-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx 1999-03-02 09:44:33 10HmbP-0005vi-00 bits 256 -1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbQ-0005vi-00" +1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbQ-0005vi-00" 1999-03-02 09:44:33 10HmbP-0005vi-00 Completed 1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex 1999-03-02 09:44:33 10HmbR-0005vi-00 tls_out_resumption session resumed 1999-03-02 09:44:33 10HmbR-0005vi-00 our cert subject 1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK -1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert verified 0 +1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert verified 1 1999-03-02 09:44:33 10HmbR-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmbR-0005vi-00 ocsp 1 1999-03-02 09:44:33 10HmbR-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx 1999-03-02 09:44:33 10HmbR-0005vi-00 bits 256 -1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbS-0005vi-00" +1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbS-0005vi-00" 1999-03-02 09:44:33 10HmbR-0005vi-00 Completed 1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex 1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption session resumed, also new ticket 1999-03-02 09:44:33 10HmbT-0005vi-00 our cert subject 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK -1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified 0 +1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified 1 1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp 1 1999-03-02 09:44:33 10HmbT-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx 1999-03-02 09:44:33 10HmbT-0005vi-00 bits 256 -1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbU-0005vi-00" +1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbU-0005vi-00" 1999-03-02 09:44:33 10HmbT-0005vi-00 Completed 1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex 1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption not requested or offered -- 2.30.2