OpenSSL 1.1.1h not detecting expired certs

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL 1.1.1h not detecting expired certs

Paul Smith
I have a server linked (statically) with OpenSSL 1.1.1g (GNU/Linux,
64bit).  I built everything myself, I'm not using any system libraries.

I have a test in my test suite that constructs an expired self-signed
cert and attempts to use it to connect to the server.  When I link my
server with OpenSSL 1.1.1g, it is detected properly and I see in the
log (this is a construct of various openssl error info):

  SSL_accept failed: error:14094415:SSL routines:ssl3_read_bytes:sslv3
    alert certificate expired::0:SSL alert number 45

If I leave EVERYTHING the same about my environment and re-link the
server with OpenSSL 1.1.1h instead (just re-linking the binaries with a
new static libssl libcrypto), then this expired certificate is no
longer detected by the server and the connection succeeds.

To be sure I also tried recompiling with the 1.1.1h headers and see the
same behavior.

I can see that the expiration date is indeed wrong:

  $ openssl x509 -enddate -noout -in expired/trustStore.pem
  notAfter=Oct 27 15:58:50 2020 GMT

but this is not noticed by my server.

Does anyone have any ideas about what I might check to figure out
what's happening here?  The release notes discuss enabling MinProtocol
and MaxProtocol; I do not use these and in fact I don't invoke
SSL_CONF_*() at all.  Is this an issue?  Should I do this?

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 1.1.1h not detecting expired certs

Paul Smith
On Sun, 2020-11-01 at 11:16 -0500, Paul Smith wrote:
> Does anyone have any ideas about what I might check to figure out
> what's happening here?  The release notes discuss enabling
> MinProtocol and MaxProtocol; I do not use these and in fact I don't
> invoke SSL_CONF_*() at all.  Is this an issue?  Should I do this?

Hm.

OK, I checked my code and I wasn't using SSL_CONF_*(), but I was using
this after I created my SSL_CTX:

    _ctxt = SSL_CTX_new(TLS_method());
    SSL_CTX_set_min_proto_version(_ctxt, TLS1_2_VERSION);

Does that no longer work properly for some reason?

If I replace the above with this:

    _ctxt = SSL_CTX_new(TLS_method());
    SSL_CONF_CTX* cctxt = SSL_CONF_CTX_new();
    SSL_CONF_CTX_set_ssl_ctx(cctxt, _ctxt);
    SSL_CONF_cmd(cctxt, "MinProtocol", "TLSv1.2");

Now it works.

Is this a bug?  Or was I just never using the interface properly?

If I switch to the new method of configuration, it's not clear to me
whether or not I need to preserve the SSL_CONF_CTX structure after the
above code bit, as long as the SSL_CTX is there, or if I can free it
immediately afterward.

Based on the way it's used it seems like it only needs to exist as long
as I need to configure the SSL_CTX, then it can go away and the SSL_CTX
can live on.

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 1.1.1h not detecting expired certs

Viktor Dukhovni
In reply to this post by Paul Smith
On Sun, Nov 01, 2020 at 11:16:24AM -0500, Paul Smith wrote:

> I have a test in my test suite that constructs an expired self-signed
> cert and attempts to use it to connect to the server.  When I link my
> server with OpenSSL 1.1.1g, it is detected properly and I see in the
> log (this is a construct of various openssl error info):
>
>   SSL_accept failed: error:14094415:SSL routines:ssl3_read_bytes:sslv3
>     alert certificate expired::0:SSL alert number 45

Just to make sure I've understood you correctly, the certificate in
question is used as a client certificate, right?  And the server is
both soliciting and *requiring* client certificates?

What software is the client using?  Is the (partly) negotiated protocol
TLS 1.2 or TLS 1.3?

If the client uses some random self-signed certificate, why does it
matter whether it is expired or not?  It is untrusted regardless...  Or
is the server configured to explicitly trust this self-signed
certificate, but you want to do that only until "expiration"?

What verify callback, if any, are you using in your server?

> If I leave EVERYTHING the same about my environment and re-link the
> server with OpenSSL 1.1.1h instead (just re-linking the binaries with a
> new static libssl libcrypto), then this expired certificate is no
> longer detected by the server and the connection succeeds.

It would be helpful if you posted the client public certificate (no need
for the private key).  Details of its construction can affect the
verification failure mode.

--
    Viktor.