
Bug #2937

SSL client certificate validation needs dedicated ssl.verifyclient.ca-file

Added by wschlich 3 months ago. Updated 2 months ago.

Status: New
Priority: Normal
Assignee: -
Category: TLS
Target version:
Start date: 2019-03-01
Due date:
% Done: 0%
Estimated time:
Missing in 1.5.x:

Description

According to https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL as well as https://redmine.lighttpd.net/issues/1288 SSL client certification uses the parameter "ssl.ca-file" for the list of trusted CA certificates that eligible client certificates must be signed from.
At the same time, this parameter is being used for sending out any intermediate CA certificates that were used to sign the server certificate contained in "ssl.pemfile".

This dual-use of the "ssl.ca-file" is problematic, because it would allow client certificates that would have been signed from any of the intermediate certificates from the server certificate chain.

This really, really, really should not be the case as it would allow undesired cases of successful client certificate verification.

I suggest to:

1. Add a parameter "ssl.verifyclient.ca-file" to be able to configure a dedicated set of CA certificates that are only being used for verifying client certificates
2. Rename "ssl.ca-crl-file" to "ssl.verifyclient.ca-crl-file" to point out it's only being used for client certificate verification
3. Rename "ssl.ca-dn-file" to "ssl.verifyclient.ca-dn-file" to point out it's only being used for client certificate verification

Cheers,
Wolfram
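The trust-store confusion described in the report, reproduced with openssl(1) on a constructed PKI (an added example, not lighttpd code and not from the reporter). It builds the server chain RootCA -> ServerIntermediate -> www.example, a separate ClientCA -> alice, and a "rogue-client" certificate minted by the server's intermediate, then checks which client certificates each trust bundle accepts; the helper names `issue`, `accepts` and `report` and the file names are this example's own.

```shell
#!/bin/sh
# Added example, not lighttpd code: reproduce the report's concern with openssl(1).
# Constructed PKI: RootCA -> ServerIntermediate -> www.example (the server chain that
# would go in ssl.ca-file), and a separate ClientCA -> alice. "rogue-client" is a
# certificate issued by the server's intermediate; it should never pass client auth.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl(1) not found, skipping" >&2; exit 0; }
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# issue NAME CA:TRUE|CA:FALSE [ISSUER]: RSA key + cert with CN=NAME; self-signed if no ISSUER.
issue() {
  printf 'basicConstraints=critical,%s\n' "$2" > "$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1" 2>/dev/null
  if [ -z "${3:-}" ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -extfile "$1.ext" \
      -out "$1.pem" -days 1 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
      -extfile "$1.ext" -out "$1.pem" -days 1 2>/dev/null
  fi
}

# accepts BUNDLE CERT: exit 0 iff CERT chains to a trust anchor in BUNDLE, which is
# essentially the X509_verify_cert chain check applied to a client certificate.
accepts() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

issue RootCA CA:TRUE
issue ServerIntermediate CA:TRUE RootCA
issue www.example CA:FALSE ServerIntermediate
issue ClientCA CA:TRUE
issue alice CA:FALSE ClientCA
issue rogue-client CA:FALSE ServerIntermediate

# Today: ssl.ca-file carries the server chain AND doubles as the client-auth trust store.
cat ServerIntermediate.pem RootCA.pem > dual-use-ca-file.pem
# Proposed: a file holding only the CA(s) allowed to issue client certificates.
cp ClientCA.pem verifyclient-ca-file.pem

report() { if accepts "$1" "$2"; then echo "$1: ACCEPTS $2"; else echo "$1: rejects $2"; fi; }
report dual-use-ca-file.pem alice.pem             # rejects
report dual-use-ca-file.pem rogue-client.pem      # ACCEPTS: the problem the report describes
report verifyclient-ca-file.pem alice.pem         # ACCEPTS
report verifyclient-ca-file.pem rogue-client.pem  # rejects
```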

History

#1

Updated by gstrauss 3 months ago

Thank you for the report.

It will take some work to put together a solution with as little impact as possible to current usage (intended or not), to minimize breakage of existing configs.

#2

Updated by gstrauss 3 months ago

Perhaps the documentation needs to be made clearer.

The verify_callback() function in mod_openssl contains this comment:

        /* verify that client cert is issued by CA in ssl.ca-dn-file
         * if both ssl.ca-dn-file and ssl.ca-file were configured */

If I understand you correctly, this is your goal. Is that right?

If ssl.ca-dn-file is not specified, then ssl.ca-file is used for client cert validation.

Please see the commit message for commit 9fd39690

#3

Updated by wschlich 3 months ago

gstrauss: This seems very weird to me. According to https://redmine.lighttpd.net/issues/2694 ssl.ca-dn-file is just a file that should contain DNs of CAs that should be hinted to clients in the TLS handshake, not actual trusted CA certificates (see also https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL -> "but not trusted root CAs"). So, what's true here?

#4

Updated by wschlich 2 months ago

gstrauss: Any news here? :)
