Project

General

Profile

Bug #2937

SSL client certificate validation needs dedicated ssl.verifyclient.ca-file

Added by wschlich 5 months ago. Updated about 2 months ago.

Status:
Invalid
Priority:
Normal
Assignee:
-
Category:
TLS
Target version:
-
Start date:
2019-03-01
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

According to https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL as well as https://redmine.lighttpd.net/issues/1288 SSL client certification uses the parameter "ssl.ca-file" for the list of trusted CA certificates that eligible client certificates must be signed from.
At the same time, this parameter is being used for sending out any intermediate CA certificates that were used to sign the server certificate contained in "ssl.pemfile".

This dual-use of the "ssl.ca-file" is problematic, because it would allow client certificates that would have been signed from any of the intermediate certficates from the server certificate chain.

This really, really, really should not be the case as it would allow undesired cases of successful client certificate verification.

I suggest to:

1. Add a parameter "ssl.verifyclient.ca-file" to be able to configure a dedicated set of CA certificates that are only being used for verifying client certificates
2. Rename "ssl.ca-crl-file" to "ssl.verifyclient.ca-crl-file" to point out it's only being used for client certificate verification
3. Rename "ssl.ca-dn-file" to "ssl.verifyclient.ca-dn-file" to point out it's only being used for client certificate verification

Cheers,
Wolfram

History

#1

Updated by gstrauss 5 months ago

Thank you for the report.

It will take some work to put together a solution with a little impact as possible to current usage (intended or not), to minimize breakage of existing configs.

#2

Updated by gstrauss 5 months ago

Perhaps the documentation needs to be made clearer.

The verify_callback() function in mod_openssl contains this comment:

        /* verify that client cert is issued by CA in ssl.ca-dn-file
         * if both ssl.ca-dn-file and ssl.ca-file were configured */

If I understand you correctly, this is your goal. Is that right?

If ssl.ca-dn-file is not specified, then ssl.ca-file is used for client cert validation.

Please see the commit message for commit 9fd39690

#3

Updated by wschlich 5 months ago

gstrauss: This seems very weird to me. According to https://redmine.lighttpd.net/issues/2694 ssl.ca-dn-file is just a file that should contain DNs of CAs that should be hinted to clients in the TLS handshake, not actual trusted CA certificates (see also https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL -> "but not trusted root CAs"). So, what's true here?

#4

Updated by wschlich 4 months ago

gstrauss: Any news here? :)

#5

Updated by gstrauss about 2 months ago

  • Status changed from New to Invalid
  • Target version deleted (1.4.x)

So, what's true here?

The code is what is true. In 2017, commit 0399609a for #2694 was corrected by commit 9fd39690 in the development tree about a week later. The commit message for 9fd39690 is what was intended by the changes in that commit, and is what I have reiterated above. It does not appear to me that you read it before posting your response.

Please check the dates on your references before posting them. #1288 is from 2009. #2694 is from 2017 as is the subsequent commit 9fd39690, which I referenced. The documentation Docs_SSL is (or should be) current, and as I mentioned above, might need some adjustments to make things clearer.

This dual-use of the "ssl.ca-file" is problematic, because it would allow client certificates that would have been signed from any of the intermediate certficates from the server certificate chain.

This really, really, really should not be the case as it would allow undesired cases of successful client certificate verification.

Did you test that, or are you projecting from your misunderstanding of the documentation? If that were the behavior, then that would be a bug. However, it is not the behavior. ssl.ca-dn-file was created in 2017 to address this limitation. (See 0399609a for #2694 and commit 9fd39690)

ssl.ca-dn-file is used to verify client certs when ssl.ca-dn-file is specified in the lighttpd configuration. When ssl.ca-dn-file is not specified in the lighttpd configuration, only then is ssl.ca-file used to verify client certs, and this behavior is present only for backwards compatibility with lighttpd configurations written before the ssl.ca-dn-file directive existed.

Also available in: Atom