< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] TLS handshake failure


Thanks for the information. 

The code for a resip client verifying the server cert is in the function
computePeerName that is called after the SSL_do_handshake. My
application is failing in SSL_connect itself, so I think it is a issue
of not being able to find the cert issuer in the trusted list. This
statement is based on the fact that when I run openssl s_client I am
able to connect successfully (but I do see errors related to cert
verification - errors are in my initial post).

So I am trying to understand how the verification works. My machine has
a file called /usr/share/ssl/cert.pem that has 61 (CA) certs in it. 13
of these are from Verisign. I created 13 files with prefix root_cert_
under my application directory and the logs indicate that the preload
function is loading these certificates now.

I connect to the server and the server presents this certificate. (some
portions have been replaced with XXXX or ....)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            XXXX
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign
International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by
Ref. LIABILITY LTD.(c)97 VeriSign
        Validity
            Not Before: Dec  6 00:00:00 2004 GMT
            Not After : Dec  6 23:59:59 2006 GMT
        Subject: C=US, ST=Virginia, L=XXXX, O=XXXX, OU=XXXX, OU=Terms of
use at www.verisign.com/rpa (c)00, CN=XXXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    ....:
                    ....:                    
                    ....:                    
                    ....:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points:

URI:http://crl.verisign.com/Class3InternationalServer.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/rpa

            X509v3 Extended Key Usage:
                Netscape Server Gated Crypto, TLS Web Server
Authentication, TLS Web Client Authentication
            Authority Information Access:
                OCSP - URI:http://ocsp.verisign.com

            1.3.6.1.5.5.7.1.12:
                0_.].[0Y0W0U..image/gif0!
0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
    Signature Algorithm: sha1WithRSAEncryption
        ....:
        ....:
        ....:
        ....:

What happens during verification? I am guessing something in this cert
should match one of the root certs for verification to succeed? What is
that bit? 

I even tried adding this to Security.cxx but it did not help.
SSL_CTX_set_options(mSslCtx, SSL_OP_ALL);

Another thing I noticed is that resip uses calls to X509_STORE*. I
looked at another SSL based app and it uses stuff like this:
SSL_CTX_set_client_CA_list();
SSL_CTX_load_verify_locations()

Are both of these approaches basically doing the same thing behind the
scenes? 

If anyone has successfully tested a scenario similar to what I described
above, please let me know.

FWIW, the other side is able to successfully establish a TLS connection
with my application and send in SIP messages. It is just not working
from me to them.

I am at my wit's end here. Any help, pointers are welcome.

Thanks
Sandeep



On Mon, 2005-05-02 at 17:22 -0700, Cullen Jennings wrote:
> Try and answer a few of your questions here - there should be better
> documentation on all of this ...
> 
> the root_cert* files are the certs for CA that you trust - so you would need
> to copy the versign cert to one of these.
> 
> The domain_cert are the things that are used for TLS  - so this would be
> your certificate for the serer.
> 
> The user_cers are only used for S/MIME and don't have anything to do with
> TLS 
> 
> Some of the code on a Resip client verifying the server cert has been
> changing and I'm a not up to date on it. It should be checking the
> SubjectAltName of the cert and that the date of the cert is valid. It is not
> checking CRL stuff.
> 
> 
> On 5/2/05 4:57 PM, "Sandeep Sharma" <ssharma@xxxxxxxxxx> wrote:
> 
> > Hello,
> > 
> > I am looking for some help on how resiprocate validates/verifies server
> > certificates presented as part of TLS handshake.
> > 
> > The client is my application linked with resiprocate. The server is
> > another application that uses openssl.
> > 
> > The client tries to establish a TLS connection to server. On the client
> > (resip) side, following errors are seen..
> > 
> > TlsConnection.cxx:176 | TLS connection failed ok=-1 err=5
> > error:00000005:lib(0):func(0):DH lib
> > TlsConnection.cxx:196 |  (SSL Error want syscall)
> > TlsConnection.cxx:197 | Error may be because trying ssl connection to
> > tls server
> > TlsConnection.cxx:228 | Couldn't TLS connect
> > Write failed on socket: 18, closing connection
> > 
> > On server side, they report errors like this:
> > SSL3_GET_CLIENT_CERTIFICATE: peer did not return a certificate.
> > 
> > I CAN establish a connection using openssl s_client using -ssl2, so I
> > know that the server is SSL2 (not TLS). In my application, I am using
> > SSLv23 as the method. This also proves that the server has been
> > provisioned with my (client's) self signed cert.
> > 
> > I read that openssl s_client does server certificate verification but
> > still continues if the verification fails. But looks like resip stops if
> > the verification fails.
> > 
> > I looked back into the logs from openssl s_client and sure enough, there
> > were messages related to server certificate verification failure.
> > 
> > openssl s_client -connect server:port -verify 10 -cert cert.pem -key
> > key.pem -showcerts -debug -nbio_test -state -crlf -ssl2
> > 
> > verify error:num=20:unable to get local issuer certificate
> > verify return:1
> > verify error:num=27:certificate not trusted
> > verify return:1
> > verify error:num=21:unable to verify the first certificate
> > verify return:1
> > 
> > The server cert is issued by Verisign and the CN matches the machine
> > name that I am trying to connect to.
> > 
> > When I copy the server certificate on to my box and run openssl verify
> > on that cert, I get similar (not exactly same) errors.
> > 
> > I looked in resip code and found that there is some processing done with
> > files with prefix domain_cert_, user_cert_ and root_cert_ but did not
> > really understand what needs to be done.
> > 
> > So my specific questions are:
> > 
> > 1) How does resip verify server certs presented as part of TLS
> > handshake? Where does it look for trusted issuers?
> > 
> > 2) What is the difference between domain_cert_*.pem, user_cert_*.pem and
> > root_cert_*.pem? How are they used?
> > 
> > Any feedback, answers, suggestions and questions are welcome.
> > 
> > Thanks
-- 
Sandeep Sharma <ssharma@xxxxxxxxxx>