1 (edited by hstr 2016-05-12 23:33:47)

Topic: Problems with certificate verification

Hi,

I've encountered some problems with the verification of the included certificate. The verification does not work for me with the wolfSSL client and server.

Here is the interesting code of the server that I use:

    if (wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
    {
        TerminateTask();
    }

    if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
    {
        TerminateTask();
    }

If I connect to the server the following openssl messages appear:

OpenSSL> s_client -CAfile C:\certs\ca-cert.pem -state -tls1 -connect 192.168.0.21:7000
Loading 'screen' into random state - done
CONNECTED(000000E4)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=ww.wolfssl.com/emailAddress=info@wolfssl.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=ww.wolfssl.com/emailAddress=info@wolfssl.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=ww.wolfssl.com/emailAddress=info@wolfssl.com
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=ww.wolfssl.com/emailAddress=info@wolfssl.com
   i:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=ww.wolfssl.com/emailAddress=info@wolfssl.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUxMTIz
MTI0OTM3WhcNMTgwODE5MTI0OTM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCATEwggEtMB0GA1UdDgQW
BBSzETLJkpiE4sn40DtuA0LKHw6OPDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t
M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCmZjhJRZvcgTAMBgNVHRMEBTADAQH/
MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDoy
MjIyMjANBgkqhkiG9w0BAQsFAAOCAQEAcRePb33WEQF5rOnC+3FpawxkkcEyi5xi
crViu/jPbCff8GTWSlVPf0qLe4BbPKAxsCWSAgKcmaWODGHvtB4BLhzpnFkt724D
TfFZ5V9pZlwK5s32dCCGTPaPIoZofv5nPz0ZuGHvxaVYqCrO0yynG93IWcfnz0JC
26/+FYLJ5VP6tDdVZ0cP5ySIFKNsvl9yBV9WM6p/rC4Qkrei+cFiDDsMaZpxFRG8
N7+OIxTCsQ3fiUUe3xTolTWIJ6ir3XwjP7v+Tg7qpu71d/uquCgz+WGw0nlGpLqg
kMjnlo8n6R7QkkO7hMfzKAxBqnc5ZaoNArDgTbEXQcnw1EeH+w/wQA==
-----END CERTIFICATE-----
subject=/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
issuer=/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
---
No client certificate CA names sent
---
SSL handshake has read 1402 bytes and written 414 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: 641F42F3F2E0E2D976EF5B1A157CCEE96B9A3C6419D042FD1445B06BBD0EBE7B
    Session-ID-ctx:
    Master-Key: 9621E893DD2D92BD6172548E234A6BCA1287C8AF4AAB053CFAA813F90664AE4F3B227FD622B1D482399B830774B8CE49
    Key-Arg   : None
    Start Time: 1463118929
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

After this messages the connection works, that means I can send and receive messages through it. It seems like openssl does not abort when the certificate could not be verified. Anyway I wonder why the verification does not work. A strange thing that I noticed is also the fact that the following command works: "OpenSSL> verify -CAfile C:\certs\ca-cert.pem C:\certs\server-cert.pem", the result is "C:\certs\ca-cert.pem: OK".

A similar behavior appears at the client, here is the interesting part of the clients code:

    if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
    {
        TerminateTask();
    }

When the client now connects to the openssl server the following messages appear:

OpenSSL> s_server -key C:\certs\server-key.pem -cert C:\certs\server-cert.pem -state -tls1 -accept 4444
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
bad gethostbyaddr
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL3 alert read:fatal:bad certificate
SSL_accept:failed in SSLv3 read client certificate A
ERROR
2040:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:./ssl/s3_pkt.c:1053:SSL alert number 42
shutting down SSL
CONNECTION CLOSED

When debugging the client, the WOLFSSL* ssl structure contains the error field with the value "-342" - "can't decode peer key";

All the certificates were copied from "wolfssl-3.9.0\certs". I also assumed that .der and .pem files with the same name are the same cert/key just in another format. (I had to write "ww." instead of "www." in the code above because otherwise I could not submit the thread - too many links)
Any help would be appreciated, thanks.

Share

Re: Problems with certificate verification

For the first case with the wolfSSL based server and OpenSSL s_client, this is exactly what I expect to happen. The OpenSSL client is telling you that it doesn't like the certificate the server gave it, but since it is a test client it continues with the connection. Note the verify errors:

depth=0 /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=ww.wolfssl.com/emailAddress=info@wolfssl.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=ww.wolfssl.com/emailAddress=info@wolfssl.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=ww.wolfssl.com/emailAddress=info@wolfssl.com
verify error:num=21:unable to verify the first certificate
verify return:1

As to the second case with the wolfSSL based client and OpenSSL s_server: According to Note 1 in our README file, "wolfSSL also no longer supports static key cipher suites with PSK, RSA, or ECDH." In your example, you are using the cipher suite AES128-SHA, which is a static RSA cipher suite. To get it to work you need to "#define WOLFSSL_STATIC_RSA" in your build.

Re: Problems with certificate verification

First of all thank you for the response.

To the wolfSSL server, why do you expect this to happen? I passed the openssl client the ca cert, so it should be able to verify the certificate of the server (server cert). Also the manual verification with the "verify" command of openssl works. (see my initial post)

To the wolfSSL client, I included the "#define WOLFSSL_STATIC_RSA" into my build but unfortunately this did not fix the error, the ssl structure still contains "-342" in the error field.

Share

Re: Problems with certificate verification

I've made some progress with the client:
The "-342" error was caused by a lack of memory, I increased the available memory and the error was gone.
But after this a new error appeared: error -401 - "DH Key too small", this could be fixed by creating a new dh param with openssl and adding it to the server: "-dhparam dh1024.pem". (By default the server used a 512 bit param).
That wasn't the last step either because the client now got stuck at the "FIRST_REPLY_FOURTH" state. I could not really figure out why this happened.
Finally I disabled the verification with "wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);" and the client could connected to the openssl server and sent a test message.

Share

Re: Problems with certificate verification

wolfSSL as Server

What I meant is that the OpenSSL s_client processes the certificates, but doesn't fail the connect if the certificate isn't good. It is printing the result

Verify return code: 21 (unable to verify the first certificate)

but not erroring out. Our example code fails the connect() or accept().

It looks like the certificates in cert_test.h are not the same as the certificates in the certs directory. I get different behavior between using the code version of the server certificate and the one in the directory. I see errors in OpenSSL like you do when I use the array version. The file version verifies as OK. (Note, the array version of the CA certificate will verify the array version of the server certificate.)

I have logged an issue into our GitHub issue tracker for updating the certs_test.h file.


wolfSSL as Client

Do you have a Wireshark capture of this transaction? Also, which options are you configuring with? This might be related to the issue above, as well, with the incorrect certificates.