Bug #2937

closed

SSL client certificate validation needs dedicated ssl.verifyclient.ca-file

Added by wschlich about 5 years ago. Updated almost 5 years ago.

Status: Invalid
Priority: Normal
Category: TLS
Target version: -

Description

According to https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL as well as https://redmine.lighttpd.net/issues/1288 SSL client certification uses the parameter "ssl.ca-file" for the list of trusted CA certificates that eligible client certificates must be signed from.
At the same time, this parameter is being used for sending out any intermediate CA certificates that were used to sign the server certificate contained in "ssl.pemfile".

This dual-use of the "ssl.ca-file" is problematic, because it would allow client certificates that would have been signed from any of the intermediate certificates from the server certificate chain.

This really, really, really should not be the case as it would allow undesired cases of successful client certificate verification.

I suggest the following:

1. Add a parameter "ssl.verifyclient.ca-file" to be able to configure a dedicated set of CA certificates that are only being used for verifying client certificates
2. Rename "ssl.ca-crl-file" to "ssl.verifyclient.ca-crl-file" to point out it's only being used for client certificate verification
3. Rename "ssl.ca-dn-file" to "ssl.verifyclient.ca-dn-file" to point out it's only being used for client certificate verification

Cheers,
Wolfram

#1

Updated by gstrauss about 5 years ago

Thank you for the report.

It will take some work to put together a solution with as little impact as possible on current usage (intended or not), to minimize breakage of existing configs.

#2

Updated by gstrauss about 5 years ago

Perhaps the documentation needs to be made clearer.

The verify_callback() function in mod_openssl contains this comment:

        /* verify that client cert is issued by CA in ssl.ca-dn-file
         * if both ssl.ca-dn-file and ssl.ca-file were configured */

If I understand you correctly, this is your goal. Is that right?

If ssl.ca-dn-file is not specified, then ssl.ca-file is used for client cert validation.

Please see the commit message for commit 9fd39690

#3

Updated by wschlich about 5 years ago

@gstrauss: This seems very weird to me. According to https://redmine.lighttpd.net/issues/2694 ssl.ca-dn-file is just a file that should contain DNs of CAs that should be hinted to clients in the TLS handshake, not actual trusted CA certificates (see also https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL -> "but not trusted root CAs"). So, what's true here?

#4

Updated by wschlich about 5 years ago

@gstrauss: Any news here? :)

#5

Updated by gstrauss almost 5 years ago

  • Status changed from New to Invalid
  • Target version deleted (1.4.x)

> So, what's true here?

The code is what is true. In 2017, commit 0399609a for #2694 was corrected by commit 9fd39690 in the development tree about a week later. The commit message for 9fd39690 is what was intended by the changes in that commit, and is what I have reiterated above. It does not appear to me that you read it before posting your response.

Please check the dates on your references before posting them. #1288 is from 2009. #2694 is from 2017 as is the subsequent commit 9fd39690, which I referenced. The documentation Docs_SSL is (or should be) current, and as I mentioned above, might need some adjustments to make things clearer.

> This dual-use of the "ssl.ca-file" is problematic, because it would allow client certificates that would have been signed from any of the intermediate certificates from the server certificate chain.
>
> This really, really, really should not be the case as it would allow undesired cases of successful client certificate verification.

Did you test that, or are you projecting from your misunderstanding of the documentation? If that were the behavior, then that would be a bug. However, it is not the behavior. ssl.ca-dn-file was created in 2017 to address this limitation. (See 0399609a for #2694 and commit 9fd39690)

ssl.ca-dn-file is used to verify client certs when ssl.ca-dn-file is specified in the lighttpd configuration. When ssl.ca-dn-file is not specified in the lighttpd configuration, only then is ssl.ca-file used to verify client certs, and this behavior is present only for backwards compatibility with lighttpd configurations written before the ssl.ca-dn-file directive existed.

[Edit] The lighttpd SSL documentation has been updated to clarify that ssl.ca-dn-file is a copy of a subset of ssl.ca-file. ssl.ca-dn-file is the list of DNs sent to the client by the server in a certificate request, and the list is used by the client for certificate selection. ssl.ca-file is used to validate the certificate sent by the client. In addition, lighttpd requires that the certificate sent by the client must be issued by an entry in ssl.ca-dn-file.
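A small Python model (added here, not lighttpd's own code) of the rule gstrauss describes for both the original report and the explanation above: ssl.ca-file is the trust store for client certs, and ssl.ca-dn-file is both the DN list advertised to the client and a direct-issuer filter. The Cert class, the function names and the example CA names are constructed for illustration; the model ignores signatures, expiry and CRLs.

```python
# Added example (not lighttpd code): model of how mod_openssl combines
# ssl.ca-file and ssl.ca-dn-file when verifying a client cert, per this issue.
# Certs are (subject, issuer) pairs; signatures, expiry and CRLs are out of scope.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str  # subject of the signing CA; equals subject when self-signed

def chains_to_trust_store(cert, presented, ca_file, max_depth=3):
    """OpenSSL-style verification with ssl.ca-file as the trust store: every
    cert in ca-file is a trust anchor, including an intermediate placed there
    only so the server chain can be sent (the dual use the reporter raised).
    `presented` = extra certs sent by the client; max_depth ~ ssl.verifyclient.depth."""
    trusted = {c.subject for c in ca_file}
    by_subject = {c.subject: c for c in ca_file + presented}
    cur, depth = cert, 0
    while depth <= max_depth:
        if cur.issuer in trusted:
            return True
        if cur.issuer == cur.subject or cur.issuer not in by_subject:
            return False
        cur, depth = by_subject[cur.issuer], depth + 1
    return False

def accept_client_cert(cert, presented, ca_file, ca_dn_file=None, max_depth=3):
    """True when the client cert chains to ssl.ca-file and, if ssl.ca-dn-file is
    configured, is issued directly by a CA listed there. Without ca-dn-file,
    ca-file alone decides (the backwards-compatible path)."""
    if not chains_to_trust_store(cert, presented, ca_file, max_depth):
        return False
    if ca_dn_file is None:
        return True
    return cert.issuer in {c.subject for c in ca_dn_file}

def certificate_request_dns(ca_file, ca_dn_file=None):
    """DNs the server advertises in the TLS CertificateRequest for client selection."""
    return [c.subject for c in (ca_dn_file if ca_dn_file is not None else ca_file)]

# Constructed scenario: ca-file holds the root, the intermediate that signed the
# server cert and a dedicated client CA; ca-dn-file names only the client CA.
ROOT = Cert("CN=Example Root", "CN=Example Root")
SERVER_ICA = Cert("CN=Example Server Intermediate", "CN=Example Root")
CLIENT_CA = Cert("CN=Example Client CA", "CN=Example Root")
CA_FILE, CA_DN_FILE = [ROOT, SERVER_ICA, CLIENT_CA], [CLIENT_CA]
GOOD_CLIENT = Cert("CN=alice", "CN=Example Client CA")   # accepted
ROGUE_CLIENT = Cert("CN=rogue", "CN=Example Server Intermediate")  # rejected with ca-dn-file
```

Running ROGUE_CLIENT through accept_client_cert with and without CA_DN_FILE shows the difference between the legacy ca-file-only path and the ca-dn-file filter.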
