Fwd: Fwd: Bug in openssl s_client verification

Jeffrey Walton noloader at gmail.com
Thu Jul 9 04:25:26 PDT 2015


Emails to secure@ and security@ bounced. RFC 2142
(https://www.ietf.org/rfc/rfc2142.txt) standardized security@, so its
not clear to me why it bounced.

My apologies if this was supposed to be filed elsewhere. It was not
obvious or clear to me where to provide the report.
https://www.macports.org/contact.php does not use the word "secure" or
"security".

---------- Forwarded message ----------
From: Jeffrey Walton <noloader at gmail.com>
Date: Thu, Jul 9, 2015 at 7:20 AM
Subject: Re: Fwd: Bug in openssl s_client verification
To: secure at macports.org, security at macports.org
Cc: Matt Caswell <matt at openssl.org>

+ the Macports folks since this appears to be a problem with Macports:

    $ which openssl
    /opt/local/bin/openssl

- the OpenSSL folks.

Sorry to everyone involved about the mixup.

When I use my copy of OpenSSL in /usr/local/ssl, the verification
fails as expected.

> In fact, I get a "Verify return code: 0 (ok)" even using the wrong CA,
> like Google CA (https://pki.google.com/):
>
> $ openssl s_client -servername 'www.delinat.com' -connect
> www.delinat.com:443 -CAfile Google-CA.pem

Above, I used the wrong CA and it still verified. Google does not
certify the server at www.delinat.com.

Credit to Dorian on Stack Overflow at http://stackoverflow.com/q/31311993.

Jeff

On Thu, Jul 9, 2015 at 6:56 AM, Matt Caswell <matt at openssl.org> wrote:
> Your email address was wrong - should be openssl-security at openssl.org
> (cc'd in this email).
>
> I can't replicate this?? If I do this:
>
> $ openssl s_client -servername 'www.delinat.com' -connect
> www.delinat.com:443 -CApath foo
>
> I get:
>     Verify return code: 20 (unable to get local issuer certificate)
>
> Matt
>
> -------- Forwarded Message --------
> Subject: Fwd: Bug in openssl s_client verification
> Date: Thu, 9 Jul 2015 06:48:48 -0400
> From: Jeffrey Walton <noloader at gmail.com>
> Reply-To: noloader at gmail.com
> To: Matt Caswell <matt at openssl.org>
>
> FYI... It looks like the security related email addresses bounced.
>
> On a second read, the complaint is not obvious. Essentially its no
> trust anchors were used because the params were bad. But rather than
> returning a verification failure, I got a verification Ok message.
>
> In fact, I get a "Verify return code: 0 (ok)" even using the wrong CA,
> like Google CA (https://pki.google.com/):
>
> $ openssl s_client -servername 'www.delinat.com' -connect
> www.delinat.com:443 -CAfile Google-CA.pem
>
> ---------- Forwarded message ----------
> From: Jeffrey Walton <noloader at gmail.com>
> Date: Thu, Jul 9, 2015 at 4:46 AM
> Subject: Bug in openssl s_client verification
> To: security at openssl.org, secure at openssl.org
>
> From http://stackoverflow.com/q/31311993. In the test below, server's
> certificate is issued by Thawte and the directory foo/ does not exist.
> But OpenSSL reports "Verify return code: 0 (ok)".
>
> **********
>
> $ uname -a
> Darwin riemann.home.dmz 12.6.0 Darwin Kernel Version 12.6.0: Wed Mar
> 18 16:23:48 PDT 2015; root:xnu-2050.48.19~1/RELEASE_X86_64 x86_64
> riemann::~$ openssl version
> OpenSSL 1.0.2c 12 Jun 2015
>
> **********
>
> $ openssl s_client -servername 'www.delinat.com' -connect
> www.delinat.com:443 -CApath foo
> CONNECTED(00000003)
> depth=2 C = US, O = "thawte, Inc.", OU = Certification Services
> Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN =
> thawte Primary Root CA
> verify return:1
> depth=1 C = US, O = "thawte, Inc.", CN = thawte SSL CA - G2
> verify return:1
> depth=0 C = CH, ST = St.Gallen, L = St.Gallen, O = Delinat AG, OU =
> E-COMMERCE, CN = www.delinat.com
> verify return:1
> ---
> Certificate chain
>  0 s:/C=CH/ST=St.Gallen/L=St.Gallen/O=Delinat
> AG/OU=E-COMMERCE/CN=www.delinat.com
>    i:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
>  1 s:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
>    i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c)
> 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
>  2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c)
> 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
>    i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
> cc/OU=Certification Services Division/CN=Thawte Premium Server
> CA/emailAddress=premium-server at thawte.com
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIEuzCCA6OgAwIBAgIQbUCL4EybF/hQ9qs1Gxt5vTANBgkqhkiG9w0BAQsFADBB
> MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0
> aGF3dGUgU1NMIENBIC0gRzIwHhcNMTQxMjA0MDAwMDAwWhcNMTcwNzA5MjM1OTU5
> WjB5MQswCQYDVQQGEwJDSDESMBAGA1UECAwJU3QuR2FsbGVuMRIwEAYDVQQHDAlT
> dC5HYWxsZW4xEzARBgNVBAoMCkRlbGluYXQgQUcxEzARBgNVBAsMCkUtQ09NTUVS
> Q0UxGDAWBgNVBAMMD3d3dy5kZWxpbmF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
> ggEPADCCAQoCggEBAL/Cugnx7ececDIXHptnrrlqv3ux+NKx7Zf1La8rg5FHOTo1
> UcQdUsjVGazkixnm+KUtaNEfaHe5Y52qxLzB2L67HeXBc7sxcVRrLd/9LkC3tgSC
> iKLDH9AeQ9td5W/nDmG+YGZgRcKrZKqr0fL/z6nXKD1sudd5mMnUbSK7QGoiz+Z0
> jGN/cEuSAx1XsL2CuRz3qCf/KdHqDpjwO3lf13iqVdKSFUwHxOnDYakHGDtAjYsC
> gOVdhRYU9NzNH5DnrOjuW1Tp80b13xEBLdXMerXahVZK844GV2p3N3GrbyRWVhP2
> qvJ51GZbJqiKQWEdnraC+IUcIwkD8c80QPfR3QUCAwEAAaOCAXUwggFxMBoGA1Ud
> EQQTMBGCD3d3dy5kZWxpbmF0LmNvbTAJBgNVHRMEAjAAMHIGA1UdIARrMGkwZwYK
> YIZIAYb4RQEHNjBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUuY29t
> L2NwczAvBggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUuY29tL3JlcG9z
> aXRvcnkwDgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQYMBaAFMJPSFf80U+awF04fQ4F
> 29kutVJgMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly90ai5zeW1jYi5jb20vdGou
> Y3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggrBgEFBQcBAQRL
> MEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly90ai5zeW1jZC5jb20wJgYIKwYBBQUHMAKG
> Gmh0dHA6Ly90ai5zeW1jYi5jb20vdGouY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQB9
> BL3CzM9AmZuqlx0M6CMP9f+y9EUm9iD2CFnM8OReM6lVraB9rta7eLG+mM9Pw/MA
> SFmJ90/PKvjlAwse77xukwXPdYCZ05cQlO5KrKW+fYsI+6pDYvYBTsfSwyyaRB9q
> gPJ9VktF8Clmp1jx/sm6gD3P7f8TT28lbHCoE5XA+nKuWOAqxu8w/A884pEDvfQf
> S0eHRvY0tvR65HlfpIqwVeNIHMHwZzt+zoPVHcMuIXM6HIRWBpwLzokTd7IdJGEN
> 8vqGPZfxcyO8qbLIliZBvsAQy4ShfAY/f0mifu9tsPtwHUkuagJ5KYf/LONyDeKr
> 5/Wm/yhKBdfAb5VxihIi
> -----END CERTIFICATE-----
> subject=/C=CH/ST=St.Gallen/L=St.Gallen/O=Delinat
> AG/OU=E-COMMERCE/CN=www.delinat.com
> issuer=/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
> ---
> No client certificate CA names sent
> Peer signing digest: SHA1
> Server Temp Key: DH, 1024 bits
> ---
> SSL handshake has read 4421 bytes and written 532 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : DHE-RSA-AES256-GCM-SHA384
>     Session-ID:
> 55E17037F3867B85AEBAAD814CA44BB27BE47B49899E71D646AECAAFC16F15D6
>     Session-ID-ctx:
>     Master-Key:
> 0F69F2E7C6BF1E1501B38751590E3D2192C230B74CBD37B31813C7844D6B8CD90A0C38536485DB9D251C8DA760B27E7F
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     TLS session ticket lifetime hint: 300 (seconds)
>     TLS session ticket:
>     0000 - a8 b2 3c a1 9e 5a 65 77-d4 bc 9c 95 8f 1a 48 b0
> ..<..Zew......H.
>     0010 - 3c 9a 49 ea 0c 63 88 b6-16 19 90 83 d6 79 57 d2
> <.I..c.......yW.
>     0020 - 96 20 3e 59 02 d9 c3 bb-49 3f c0 cb 10 8b 85 ca   .
>>Y....I?......
>     0030 - b7 00 16 b1 f7 61 32 4b-d4 eb b0 a4 ee 9b 3e 31
> .....a2K......>1
>     0040 - 01 ad c8 90 e7 ba a0 23-03 25 77 4a f6 65 04 0d
> .......#.%wJ.e..
>     0050 - 98 cb d7 57 8c a5 b0 bf-ad 63 f8 79 e5 97 14 87
> ...W.....c.y....
>     0060 - ba 88 d7 8c f0 32 74 91-6c 87 2f ea ab 2d 69 91
> .....2t.l./..-i.
>     0070 - 4d 02 a6 db 27 1e 36 f7-95 a9 64 ee f2 52 95 ed
> M...'.6...d..R..
>     0080 - 12 2c 46 66 ce df b7 35-75 ca ce 7c 64 b0 f3 d9
> .,Ff...5u..|d...
>     0090 - ca f1 54 ac f2 de f6 a9-77 73 c4 f0 28 a9 0f d0
> ..T.....ws..(...
>     00a0 - 1b 0c cc 97 81 71 ad 35-a7 5b 5a 45 9c 57 08 56
> .....q.5.[ZE.W.V
>     00b0 - a6 a3 41 12 af 3d b5 9c-1a b7 0b 07 74 79 e1 08
> ..A..=......ty..
>     00c0 - ca 8b a0 9f 83 27 4b 75-d0 d4 d1 c1 85 35 d8 51
> .....'Ku.....5.Q
>
>     Start Time: 1436432045
>     Timeout   : 300 (sec)
>     Verify return code: 0 (ok)


More information about the macports-users mailing list