Topic: Example of a client that doesn't attempt to contact OCSP Responder

It appears that the out-of-the-box version of wolfSSL (4.5.0) has the client sending an http request to an OCSP Responder, even when OCSP Stapling is enabled.  In my application, I only want OCSP Stapling to get this information from the server it is attempting to contact (actual OCSP Stapling), NOT attempt to contact the OCSP Responder.

Is there an example or information available on how such a client should be configured?  Also, how about the server side of this?  Is there an example of how the server should grab the OCSP Response for itself and make it available during handshaking (TLS 1.3)?


Re: Example of a client that doesn't attempt to contact OCSP Responder

Hi,

Thanks for reaching out. I'm Hayden, a software engineer at wolfSSL.

If I configure wolfSSL 4.5.0 with --enable-ocspstapling2 and build, I'm able to use our example client to make a certificate status request using OCSP stapling:

examples/client/client -h example.com -p 443 -W 2 -A <path to cert>

I verified in Wireshark that no HTTP request goes out to the OCSP responder. If you want to try this specific example out yourself, using example.com, you can download the necessary root certificate here: https://cacerts.digicert.com/DigiCertGl … CA.crt.pem

Under the hood, in our example client, passing -W 2 turns on OCSP stapling V2. This results in function calls to wolfSSL_UseOCSPStaplingV2 and wolfSSL_CTX_EnableOCSP, which you can find documentation for here: https://www.wolfssl.com/doxygen/ssl_8h.html.

For the server side, check out our example server, examples/server/server.c. There, the -O option allows the user to specify an OCSP responder URL for the server to use. This results in calls to wolfSSL_CTX_SetOCSP_OverrideURL and wolfSSL_CTX_EnableOCSP. If you configured the library with --enable-ocspstapling2, wolfSSL_CTX_EnableOCSPStapling will also get called. You can find documentation for these additional functions at the same link above.

Let me know if that helps, and if you need anything else!

Best,

Hayden


Re: Example of a client that doesn't attempt to contact OCSP Responder

hayden wrote:

If I configure wolfSSL 4.5.0 with --enable-ocspstapling2 and build, I'm able to use our example client to make a certificate status request using OCSP stapling:

examples/client/client -h example.com -p 443 -W 2 -A <path to cert>

Since I am using TLS1.3 I can't use OCSP Stapling V2, correct?  I believe I need to use the -W 1 option for the client.

I did get the client to work with an openSSL server that was configured to support the stapling request, so I believe my issue is with the server side of wolfSSL.

The problem is that the example server.c only seems to want to do peer status checks and does not perform a self status check that can be used to formulate an OCSP Response to a client OCSP Status Request.  Am I correct?  Do I need to implement this myself?


4 (edited by hayden 2020-11-30 09:08:04)

Re: Example of a client that doesn't attempt to contact OCSP Responder

Since I am using TLS1.3 I can't use OCSP Stapling V2, correct?  I believe I need to use the -W 1 option for the client.

That's correct. If you're using TLS 1.3 you'll need to use OCSP Stapling V1.

I did get the client to work with an openSSL server that was configured to support the stapling request, so I believe my issue is with the server side of wolfSSL.

The problem is that the example server.c only seems to want to do peer status checks and does not perform a self status check that can be used to formulate an OCSP Response to a client OCSP Status Request.  Am I correct?  Do I need to implement this myself?

You'll need an OCSP responder server to act in concert with the wolfSSL server. We have an example of this, if you take a look at scripts/ocsp-stapling.test in the wolfSSL repository. This script sets up an OpenSSL server as an OCSP responder, which a wolfSSL server then contacts to get a certificate status that it then staples and passes along to a wolfSSL client.


Re: Example of a client that doesn't attempt to contact OCSP Responder

hayden wrote:

You'll need an OCSP responder server to act in concert with the wolfSSL server. We have an example of this, if you take a look at scripts/ocsp-stapling.test in the wolfSSL repository. This script sets up an OpenSSL server as an OCSP responder, which a wolfSSL server then contacts to get a certificate status that it then staples and passes along to a wolfSSL client.

I created an OCSP Responder using openssl.  The problem is that I do not see the wolfSSL server application attempting to pull its OCSP Status from the responder.  Since it doesn't do this, it never responds to the stapling request from the client.  Am I configuring the wolfSSL server application incorrectly?  Note, as mentioned previously, I am not using the -o or -O options with the server because they seem to cause it to want to verify the client, when it connects, instead of pulling its own OCSP Response and holding it for a client stapling request.


6 (edited by hayden 2020-12-01 10:12:12)

Re: Example of a client that doesn't attempt to contact OCSP Responder

stroebeljc wrote:

I created an OCSP Responder using openssl.  The problem is that I do not see the wolfSSL server application attempting to pull its OCSP Status from the responder.  Since it doesn't do this, it never responds to the stapling request from the client.  Am I configuring the wolfSSL server application incorrectly?  Note, as mentioned previously, I am not using the -o or -O options with the server because they seem to cause it to want to verify the client, when it connects, instead of pulling its own OCSP Response and holding it for a client stapling request.

When I run scripts/ocsp-stapling.test and capture the traffic with Wireshark, I see our wolfSSL server reach out to the openSSL OCSP responder and get its cert status, which it then returns to the wolfSSL client.

The issue could definitely be an incorrectly configured wolfSSL server, and yes, you don't need to use -o/-O. Like you said, that will make the server request the cert status of the client.

As a next step, could you send me the commands you're using to set up your client, server, and OCSP responder? Then I can compare with scripts/ocsp-stapling.test and see where things might be going wrong. Feel free to send a PCAP, too, if readily available.


7 (edited by stroebeljc 2020-12-04 07:35:48)

Re: Example of a client that doesn't attempt to contact OCSP Responder

When I add the following line after line 2873 in the client.c file I get the error "wolfSSL_connect error -407, Invalid OCSP Status Error":

wolfSSL_CTX_SetOCSP_Cb(ctx, NULL, NULL, NULL);

I have three bash windows open, each running one of the following commands:

openssl ocsp -port 22221 -index certs/ocsp/index-intermediate1-ca-issued-certs.txt -rsigner certs/ocsp/ocsp-responder-cert.pem  -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/intermediate1-ca-cert.pem
examples/server/server.exe -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem -v 4

(and lastly)

examples/client/client.exe -A certs/ocsp/root-ca-cert.pem -v 4 -W 1

I've attached a couple of pcapng files from Wireshark, one with the above line (failed) and one without.

The upshot is that the above line prevents the client from requesting the response from the OCSP Responder.  I would expect the stapled response to be provided by the server, like happens when I use an openSSL server instead of a wolfSSL server, using the following:

openssl s_server -status -port 11111 -cert certs/ocsp/server1-cert.pem -key certs/ocsp/server1-key.pem -CAfile certs/ocsp/intermediate1-ca-cert.pem

I will provide a pcapng file for this session, also. (I am unable to attach more than one file to this post.)

Post's attachments: OCSP Stapling.pcapng (20.13 kb)


Re: Example of a client that doesn't attempt to contact OCSP Responder

2nd file

Post's attachments: OCSP Stapling failed.pcapng (16.68 kb)


Re: Example of a client that doesn't attempt to contact OCSP Responder

and finally...

Post's attachments: OCSP Stapling with openSSL.pcapng (20.3 kb)


Re: Example of a client that doesn't attempt to contact OCSP Responder

Hi stroebeljc,

Thanks for all the information and packet captures. I'm currently working on this, but it may be Monday before I'm able to get back to you.

Hayden


11 (edited by stroebeljc 2020-12-04 20:28:31)

Re: Example of a client that doesn't attempt to contact OCSP Responder

No problem.  I'm also attaching the failed test run that occurs after making this change and running 'make test'.

Post's attachments: test-suite.log (8.2 kb)


Re: Example of a client that doesn't attempt to contact OCSP Responder

I just wanted to update you and let you know that I think there's a bug in our stapling code that's the root cause here. I'm working on a fix. I think I should be able to get it fixed by tomorrow, but I'll keep you posted.


13 (edited by hayden 2020-12-08 13:34:45)

Re: Example of a client that doesn't attempt to contact OCSP Responder

I have a pull request waiting for merge into the wolfSSL repository that should fix the issue: https://github.com/wolfSSL/wolfssl/pull/3544

If you get a chance, could you download the patch for that PR, apply it to the wolfSSL code, re-build wolfSSL, and try your setup again?

Thanks for bringing this bug to our attention and for your detailed responses!


14 (edited by stroebeljc 2020-12-09 07:00:34)

Re: Example of a client that doesn't attempt to contact OCSP Responder

I now see the server sending an OCSP Request and getting an OCSP Response.  However, the client does not reject the connection if a revoked certificate response is returned.  Any ideas?  What message is the client expecting to receive and process when the server sends the stapled response?
Note that I am using ECDSA certificates instead of RSA.  Are ECDSA certificates supported for OCSP Stapling? (NO_RSA is defined in my application.)

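Added illustration, not from any post in this thread and not wolfSSL code: the message the question above is asking about. In TLS 1.2 the stapled OCSPResponse arrives in its own CertificateStatus handshake message (type 22) right after Certificate (RFC 6066 section 8). In TLS 1.3 there is no separate message: the same CertificateStatus body is carried in the status_request extension of the server's leaf CertificateEntry inside the Certificate message (RFC 8446 section 4.4.2.1), which is why only status_request (the client's -W 1) applies there and status_request_v2 does not. The C below parses both framings and the outer responseStatus of the OCSPResponse, with bounds checks; it is self-contained (no wolfSSL dependency), the sample messages are constructed rather than captured traffic, and it deliberately stops short of the part a real client still has to do on a successful(0) response: verify the responder signature, match the CertID, check thisUpdate/nextUpdate, and reject on certStatus revoked.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constants from RFC 5246 (handshake type) and RFC 6066 (status_request). */
#define HS_CERTIFICATE_STATUS 22
#define CSR_STATUS_TYPE_OCSP   1

/* status_request extension body a stapling client puts in ClientHello:
 * status_type ocsp(1), empty responder_id_list, empty request_extensions. */
size_t build_status_request_ext(uint8_t out[5])
{
    out[0] = CSR_STATUS_TYPE_OCSP;
    out[1] = 0; out[2] = 0;   /* responder_id_list length (uint16) */
    out[3] = 0; out[4] = 0;   /* request_extensions length (uint16) */
    return 5;
}

/* CertificateStatus body: status_type(1) | uint24 length | OCSPResponse DER.
 * TLS 1.2 wraps it in a handshake message of type 22 sent after Certificate;
 * TLS 1.3 puts exactly this body in the status_request extension of the
 * server's leaf CertificateEntry.  Returns 0 and points at the DER, or a
 * negative code for unknown status_type, truncation or trailing bytes. */
int parse_certificate_status(const uint8_t *body, size_t len,
                             const uint8_t **ocsp, size_t *ocsp_len)
{
    size_t n;
    if (len < 4) return -1;
    if (body[0] != CSR_STATUS_TYPE_OCSP) return -2;
    n = ((size_t)body[1] << 16) | ((size_t)body[2] << 8) | body[3];
    if (n == 0 || n != len - 4) return -3;
    *ocsp = body + 4;
    *ocsp_len = n;
    return 0;
}

/* TLS 1.2 handshake framing: type(1) | uint24 length | body. */
int parse_tls12_certificate_status(const uint8_t *msg, size_t len,
                                   const uint8_t **ocsp, size_t *ocsp_len)
{
    size_t n;
    if (len < 4 || msg[0] != HS_CERTIFICATE_STATUS) return -1;
    n = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (n != len - 4) return -3;
    return parse_certificate_status(msg + 4, n, ocsp, ocsp_len);
}

/* OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED, responseBytes [0] OPTIONAL }
 * Returns responseStatus (0 successful, 1 malformedRequest, 2 internalError,
 * 3 tryLater, 5 sigRequired, 6 unauthorized) or -1 if the outer DER is wrong.
 * Only successful(0) carries a BasicOCSPResponse.  A client that requires
 * stapling must treat any other status, or no CertificateStatus at all, as a
 * failed status check, not as a cue to contact the responder itself. */
int ocsp_response_status(const uint8_t *der, size_t len)
{
    size_t hdr = 2, l;
    if (len < 5 || der[0] != 0x30) return -1;
    if (der[1] & 0x80) {                       /* long-form length, 1 or 2 bytes */
        size_t lb = der[1] & 0x7f, i;
        if (lb == 0 || lb > 2 || len < 2 + lb + 3) return -1;
        for (l = 0, i = 0; i < lb; i++) l = (l << 8) | der[2 + i];
        hdr = 2 + lb;
    } else {
        l = der[1];
    }
    if (l != len - hdr) return -1;
    if (der[hdr] != 0x0a || der[hdr + 1] != 1) return -1;  /* ENUMERATED, one byte */
    return der[hdr + 2];
}

/* responseStatus carried by a TLS 1.2 CertificateStatus message, or a negative
 * parse code. */
int status_of_tls12_message(const uint8_t *msg, size_t len)
{
    const uint8_t *ocsp; size_t n;
    int rc = parse_tls12_certificate_status(msg, len, &ocsp, &n);
    return rc < 0 ? rc : ocsp_response_status(ocsp, n);
}

/* Same for the TLS 1.3 status_request extension body of a CertificateEntry. */
int status_of_tls13_extension(const uint8_t *ext, size_t len)
{
    const uint8_t *ocsp; size_t n;
    int rc = parse_certificate_status(ext, len, &ocsp, &n);
    return rc < 0 ? rc : ocsp_response_status(ocsp, n);
}

/* Constructed samples (not captured traffic).  The OCSPResponse is the
 * smallest legal one: responseStatus only, no responseBytes. */
const uint8_t SAMPLE_TLS12_OK[] = {
    HS_CERTIFICATE_STATUS, 0x00, 0x00, 0x09,  /* handshake header: 9-byte body */
    CSR_STATUS_TYPE_OCSP,  0x00, 0x00, 0x05,  /* status_type, 5-byte response  */
    0x30, 0x03, 0x0a, 0x01, 0x00              /* SEQUENCE { successful(0) }    */
};
const uint8_t SAMPLE_TLS13_TRYLATER[] = {
    CSR_STATUS_TYPE_OCSP,  0x00, 0x00, 0x05,
    0x30, 0x03, 0x0a, 0x01, 0x03              /* SEQUENCE { tryLater(3) }      */
};
const uint8_t SAMPLE_TRUNCATED[] = {          /* claims 5 bytes, carries 3     */
    CSR_STATUS_TYPE_OCSP,  0x00, 0x00, 0x05, 0x30, 0x03, 0x0a
};

int main(void)
{
    printf("tls1.2: %d\n", status_of_tls12_message(SAMPLE_TLS12_OK, sizeof SAMPLE_TLS12_OK));
    printf("tls1.3: %d\n", status_of_tls13_extension(SAMPLE_TLS13_TRYLATER, sizeof SAMPLE_TLS13_TRYLATER));
    printf("trunc:  %d\n", status_of_tls13_extension(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    return 0;
}
```

The revoked-but-accepted symptom in the post above would live one layer deeper than this parser: inside the BasicOCSPResponse that a successful(0) response carries, where the client has to find the SingleResponse whose CertID matches the leaf and fail the handshake when its certStatus is revoked. Whether the client gets that far at all is the point of the internal.c/internal.h guard fix discussed later in the thread.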

Re: Example of a client that doesn't attempt to contact OCSP Responder

Interesting. I'm going to check this out today and get back to you soon.


Re: Example of a client that doesn't attempt to contact OCSP Responder

Ok, I now have it working.  I am able to define NO_RSA, so it does not appear that RSA is required.

However, I also found that I need to undefine NO_SHA and NO_WOLFSSL_SERVER on my client application.  SHA1 is required to verify Issuer Name and Issuer Key hashes. OCSP stapling verification seemed to disappear when I defined NO_WOLFSSL_SERVER.

Is this expected?  Why do I need to include all of the server stuff on my client application?

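Added illustration, not from the thread and not the wolfSSL implementation, of why SHA-1 is still needed for OCSP verification even when every certificate in the chain is ECDSA with SHA-256 signatures. The CertID that identifies a certificate in an OCSP request and in each SingleResponse (RFC 6960 section 4.1.1) is built from a hash of the issuer's DER Name and a hash of the issuer's subjectPublicKey, and the lightweight profile (RFC 5019) that public responders follow fixes that hash to SHA-1; a client verifying a stapled response has to recompute both hashes to match the response to the leaf certificate. The C below is self-contained (compact SHA-1 plus the DER encoder for CertID); the issuer name, key bits and serial number in certid_demo are constructed placeholders, not a real CA.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* Compact single-call SHA-1 (FIPS 180-4), enough for the two CertID hashes. */
void sha1(const uint8_t *msg, size_t len, uint8_t out[20])
{
    uint32_t h[5] = {0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u, 0xC3D2E1F0u};
    uint64_t bits = (uint64_t)len * 8;
    size_t padded = ((len + 8) / 64 + 1) * 64, off, i;
    for (off = 0; off < padded; off += 64) {
        uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        uint8_t blk[64];
        for (i = 0; i < 64; i++) {            /* message, 0x80, zero pad, 64-bit length */
            size_t p = off + i;
            blk[i] = p < len ? msg[p] : p == len ? 0x80
                   : p >= padded - 8 ? (uint8_t)(bits >> (8 * (padded - 1 - p))) : 0;
        }
        for (i = 0; i < 16; i++)
            w[i] = (uint32_t)blk[4*i] << 24 | (uint32_t)blk[4*i+1] << 16
                 | (uint32_t)blk[4*i+2] << 8 | blk[4*i+3];
        for (i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        for (i = 0; i < 80; i++) {
            uint32_t f, k, t;
            if (i < 20)      { f = (b & c) | (~b & d);            k = 0x5A827999u; }
            else if (i < 40) { f = b ^ c ^ d;                     k = 0x6ED9EBA1u; }
            else if (i < 60) { f = (b & c) | (b & d) | (c & d);   k = 0x8F1BBCDCu; }
            else             { f = b ^ c ^ d;                     k = 0xCA62C1D6u; }
            t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    for (i = 0; i < 5; i++) {
        out[4*i]   = (uint8_t)(h[i] >> 24); out[4*i+1] = (uint8_t)(h[i] >> 16);
        out[4*i+2] = (uint8_t)(h[i] >> 8);  out[4*i+3] = (uint8_t)h[i];
    }
}

/* Known-answer check against the published SHA-1("abc"). */
int sha1_selftest(void)
{
    static const uint8_t want[20] = {0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
                                     0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d};
    uint8_t got[20];
    sha1((const uint8_t *)"abc", 3, got);
    return memcmp(got, want, 20) == 0;
}

/* RFC 6960 4.1.1 CertID with hashAlgorithm sha1 (OID 1.3.14.3.2.26):
 *   issuerNameHash = SHA-1(DER of the issuer's Name)
 *   issuerKeyHash  = SHA-1(issuer subjectPublicKey BIT STRING contents,
 *                          without tag, length and unused-bits octet)
 * serial is the DER INTEGER contents of the subject's serialNumber.  Returns
 * the encoded length, or -1 if serial is empty or over the 20-octet RFC 5280 cap. */
int ocsp_certid_sha1(const uint8_t *issuer_name, size_t name_len,
                     const uint8_t *issuer_spk, size_t spk_len,
                     const uint8_t *serial, size_t serial_len, uint8_t out[128])
{
    static const uint8_t alg_sha1[] = {0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00};
    size_t n = 0;
    if (serial_len == 0 || serial_len > 20) return -1;
    out[n++] = 0x30;
    out[n++] = (uint8_t)(sizeof alg_sha1 + 22 + 22 + 2 + serial_len); /* < 128: short form */
    memcpy(out + n, alg_sha1, sizeof alg_sha1); n += sizeof alg_sha1;
    out[n++] = 0x04; out[n++] = 20; sha1(issuer_name, name_len, out + n); n += 20;
    out[n++] = 0x04; out[n++] = 20; sha1(issuer_spk, spk_len, out + n);   n += 20;
    out[n++] = 0x02; out[n++] = (uint8_t)serial_len;
    memcpy(out + n, serial, serial_len); n += serial_len;
    return (int)n;
}

/* Constructed placeholders, not a real CA: DER Name "CN=CA", fake key bits, serial. */
int certid_demo(const uint8_t **out)
{
    static const uint8_t name[] = {0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,
                                   0x03,0x0c,0x02,0x43,0x41};
    static const uint8_t spk[]  = {0x04,0x01,0x02,0x03};
    static const uint8_t serial[] = {0x01,0x02,0x03,0x04};
    static uint8_t certid[128];
    int n = ocsp_certid_sha1(name, sizeof name, spk, sizeof spk, serial, sizeof serial, certid);
    if (out) *out = certid;
    return n;
}

int main(void)
{
    const uint8_t *id; int n = certid_demo(&id), i;
    printf("sha1 selftest %s, CertID %d bytes:", sha1_selftest() ? "ok" : "FAIL", n);
    for (i = 0; i < n; i++) printf(" %02x", id[i]);
    printf("\n");
    return 0;
}
```

With a 4-octet serial the encoding is 63 bytes: 11 for the AlgorithmIdentifier, 22 for each OCTET STRING hash, and 6 for the INTEGER. A client comparing a stapled SingleResponse to its leaf certificate has to produce exactly these two hashes from the issuer certificate it holds, which is the SHA-1 dependency the post above ran into.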

Re: Example of a client that doesn't attempt to contact OCSP Responder

When you build wolfSSL, it generates a header file wolfssl/options.h. This contains the defines that the library was built with. Are you including that in your client application? That would ensure that everything matches up between your client app and the built wolfSSL library. Based on your description of the latest issues, I think that might help, but let me know if you're already doing that, or if it doesn't fix anything.


Re: Example of a client that doesn't attempt to contact OCSP Responder

hayden wrote:

When you build wolfSSL, it generates a header file wolfssl/options.h. This contains the defines that the library was built with. Are you including that in your client application? That would ensure that everything matches up between your client app and the built wolfSSL library. Based on your description of the latest issues, I think that might help, but let me know if you're already doing that, or if it doesn't fix anything.

I am already using options.h.

Also, since I am basing things off of the 4.5.0 release, the CMakeLists.txt changes have messed me up.  I am currently updating the options.h file directly.  I am a bit confused about the changes to the build process.  Currently, I can't build with the current CMakeLists.txt file because it forces the use of pthread.h, which I don't have in my build.


19 (edited by hayden 2020-12-11 09:58:56)

Re: Example of a client that doesn't attempt to contact OCSP Responder

Ok, thanks for that information. A few follow-up questions.

  • What version of wolfSSL were you using before? I'm curious to see how the CMake changed between your last version and 4.5.0. I recently did a big update of the CMake on the master branch of our repo, that, among other things, generates options.h.

  • What platform are you building on? OS/compiler?

  • Can you describe how you typically invoke CMake (either via GUI or command line, and what options you're using)? What are you using to build in lieu of CMake currently?

  • Can you send your options.h?

With that information, I can hopefully reproduce what you're seeing on my end, and figure out why OCSP stapling verification goes away when you define NO_WOLFSSL_SERVER.


Re: Example of a client that doesn't attempt to contact OCSP Responder

I have been using version 4.5.0 (full download), but did a git pull of the master branch and am having the problems with master.  On 4.5.0, I call cmake from git bash and am using the ARC_Q_2020_06 cross-compiler (MetaWare by Synopsys).  My cmake call is:

cmake -G"Eclipse CDT4 - Unix Makefiles" -DCMAKE_ECLIPSE_GENERATE_SOURCE_PROJECT=TRUE -DCMAKE_ECLIPSE_GENERATE_LINKED_RESOURCES=TRUE -DCMAKE_ECLIPSE_VERSION=4.6 -DCONFIG_TARGET_BOARD=EV210_B0 -DCONFIG_TARGET_CORE=CORE_C0 -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTS=NO  $@ ../source

After that, I modify the options.h to configure things the way I want to.  It is attached to this post.

Post's attachments: options.h (3.41 kb)


21 (edited by hayden 2020-12-14 09:23:12)

Re: Example of a client that doesn't attempt to contact OCSP Responder

Thanks for that information. I'm currently building on a Linux machine using autotools instead of CMake, but I get this compilation error if I try to enable OCSP stapling and define NO_WOLFSSL_SERVER:

src/internal.c: In function ‘ProcessPeerCerts’:
src/internal.c:11202:62: error: ‘CertificateStatusRequest {aka struct <anonymous>}’ has no member named ‘response’
                                     ret = ProcessCSR(ssl, csr->response.buffer,
                                                              ^~
src/internal.c:11203:62: error: ‘CertificateStatusRequest {aka struct <anonymous>}’ has no member named ‘response’
                                                     &idx, csr->response.length);

Do you get a compilation error when you try to define it, or are we talking runtime behavior where you don't see the client verify the stapled response?


Re: Example of a client that doesn't attempt to contact OCSP Responder

hayden wrote:

Do you get a compilation error when you try to define it, or are we talking runtime behavior where you don't see the client verify the stapled response?

No compilation errors, just incorrect runtime behavior.


23 (edited by hayden 2020-12-14 15:38:43)

Re: Example of a client that doesn't attempt to contact OCSP Responder

Ok, got it.

In 4.5.0, I believe there's a bug in internal.c and internal.h. In internal.c, line 11118 should be:

#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT)

And similarly, line 2331 of internal.h should be:

#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT)

The internal.h fix isn't in master yet, which is why I was getting a compilation error, as I mentioned in my last reply.

The code guarded by the line in internal.c is indeed what performs verification of the certificate status request on the client side, so this bug would explain why you're not seeing that verification in 4.5.0.

Could you make those changes and see if things start working? I'll have a PR to fix internal.h in the near future.


Re: Example of a client that doesn't attempt to contact OCSP Responder

The client now produces the error: wolfSSL_connect(-406): Bad Certificate Status Message Error

Also, I am unable to build the server with NO_WOLFSSL_CLIENT defined.


Re: Example of a client that doesn't attempt to contact OCSP Responder

I added some more changes to my PR: https://github.com/wolfSSL/wolfssl/pull/3544

I was also getting "wolfSSL_connect(-406): Bad Certificate Status Message Error" until I made the latest changes there. Now, I'll investigate your issue building a server with NO_WOLFSSL_CLIENT defined.
