Re: [reSIProcate] TLS handshake failure
I noticed that in TlsConnection.cxx there is code such as:
if ( mServer )
{
assert( mSecurity );
X509* cert =
mSecurity->getDomainCert(mDomain); //mDomainCerts[mDomain];
if (!cert)
{
ErrLog(<< "Don't have certificate for domain " << mDomain );
}
if( !SSL_use_certificate(mSsl, cert) )
{
throw Security::Exception("SSL_use_certificate failed",
__FILE__,__LINE__);
}
EVP_PKEY* pKey =
mSecurity->getDomainKey(mDomain); //mDomainPrivateKeys[mDomain];
if (!pKey)
{
ErrLog(<< "Don't have private key for domain " << mDomain );
}
if ( !SSL_use_PrivateKey(mSsl, pKey) )
{
throw Security::Exception("SSL_use_PrivateKey failed.",
__FILE__,__LINE__);
}
}
Why are SSL_use_certificate and SSL_use_PrivateKey only called for
server? I think they should be called regardless. (even if we are acting
as client).
Thoughts?
On Tue, 2005-05-03 at 15:06 -0600, Sandeep Sharma wrote:
> Thanks for the information.
>
> The code for a resip client verifying the server cert is in the function
> computePeerName that is called after the SSL_do_handshake. My
> application is failing in SSL_connect itself, so I think it is a issue
> of not being able to find the cert issuer in the trusted list. This
> statement is based on the fact that when I run openssl s_client I am
> able to connect successfully (but I do see errors related to cert
> verification - errors are in my initial post).
>
> So I am trying to understand how the verification works. My machine has
> a file called /usr/share/ssl/cert.pem that has 61 (CA) certs in it. 13
> of these are from Verisign. I created 13 files with prefix root_cert_
> under my application directory and the logs indicate that the preload
> function is loading these certificates now.
>
> I connect to the server and the server presents this certificate. (some
> portions have been replaced with XXXX or ....)
>
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> XXXX
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign
> International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by
> Ref. LIABILITY LTD.(c)97 VeriSign
> Validity
> Not Before: Dec 6 00:00:00 2004 GMT
> Not After : Dec 6 23:59:59 2006 GMT
> Subject: C=US, ST=Virginia, L=XXXX, O=XXXX, OU=XXXX, OU=Terms of
> use at www.verisign.com/rpa (c)00, CN=XXXX
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (2048 bit)
> Modulus (2048 bit):
> ....:
> ....:
> ....:
> ....:
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:FALSE
> X509v3 Key Usage:
> Digital Signature, Key Encipherment
> X509v3 CRL Distribution Points:
>
> URI:http://crl.verisign.com/Class3InternationalServer.crl
>
> X509v3 Certificate Policies:
> Policy: 2.16.840.1.113733.1.7.23.3
> CPS: https://www.verisign.com/rpa
>
> X509v3 Extended Key Usage:
> Netscape Server Gated Crypto, TLS Web Server
> Authentication, TLS Web Client Authentication
> Authority Information Access:
> OCSP - URI:http://ocsp.verisign.com
>
> 1.3.6.1.5.5.7.1.12:
> 0_.].[0Y0W0U..image/gif0!
> 0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
> Signature Algorithm: sha1WithRSAEncryption
> ....:
> ....:
> ....:
> ....:
>
> What happens during verification? I am guessing something in this cert
> should match one of the root certs for verification to succeed? What is
> that bit?
>
> I even tried adding this to Security.cxx but it did not help.
> SSL_CTX_set_options(mSslCtx, SSL_OP_ALL);
>
> Another thing I noticed is that resip uses calls to X509_STORE*. I
> looked at another SSL based app and it uses stuff like this:
> SSL_CTX_set_client_CA_list();
> SSL_CTX_load_verify_locations()
>
> Are both of these approaches basically doing the same thing behind the
> scenes?
>
> If anyone has successfully tested a scenario similar to what I described
> above, please let me know.
>
> FWIW, the other side is able to successfully establish a TLS connection
> with my application and send in SIP messages. It is just not working
> from me to them.
>
> I am at my wit's end here. Any help, pointers are welcome.
>
> Thanks
> Sandeep
>
>
>
> On Mon, 2005-05-02 at 17:22 -0700, Cullen Jennings wrote:
> > Try and answer a few of your questions here - there should be better
> > documentation on all of this ...
> >
> > the root_cert* files are the certs for CA that you trust - so you would need
> > to copy the versign cert to one of these.
> >
> > The domain_cert are the things that are used for TLS - so this would be
> > your certificate for the serer.
> >
> > The user_cers are only used for S/MIME and don't have anything to do with
> > TLS
> >
> > Some of the code on a Resip client verifying the server cert has been
> > changing and I'm a not up to date on it. It should be checking the
> > SubjectAltName of the cert and that the date of the cert is valid. It is not
> > checking CRL stuff.
> >
> >
> > On 5/2/05 4:57 PM, "Sandeep Sharma" <ssharma@xxxxxxxxxx> wrote:
> >
> > > Hello,
> > >
> > > I am looking for some help on how resiprocate validates/verifies server
> > > certificates presented as part of TLS handshake.
> > >
> > > The client is my application linked with resiprocate. The server is
> > > another application that uses openssl.
> > >
> > > The client tries to establish a TLS connection to server. On the client
> > > (resip) side, following errors are seen..
> > >
> > > TlsConnection.cxx:176 | TLS connection failed ok=-1 err=5
> > > error:00000005:lib(0):func(0):DH lib
> > > TlsConnection.cxx:196 | (SSL Error want syscall)
> > > TlsConnection.cxx:197 | Error may be because trying ssl connection to
> > > tls server
> > > TlsConnection.cxx:228 | Couldn't TLS connect
> > > Write failed on socket: 18, closing connection
> > >
> > > On server side, they report errors like this:
> > > SSL3_GET_CLIENT_CERTIFICATE: peer did not return a certificate.
> > >
> > > I CAN establish a connection using openssl s_client using -ssl2, so I
> > > know that the server is SSL2 (not TLS). In my application, I am using
> > > SSLv23 as the method. This also proves that the server has been
> > > provisioned with my (client's) self signed cert.
> > >
> > > I read that openssl s_client does server certificate verification but
> > > still continues if the verification fails. But looks like resip stops if
> > > the verification fails.
> > >
> > > I looked back into the logs from openssl s_client and sure enough, there
> > > were messages related to server certificate verification failure.
> > >
> > > openssl s_client -connect server:port -verify 10 -cert cert.pem -key
> > > key.pem -showcerts -debug -nbio_test -state -crlf -ssl2
> > >
> > > verify error:num=20:unable to get local issuer certificate
> > > verify return:1
> > > verify error:num=27:certificate not trusted
> > > verify return:1
> > > verify error:num=21:unable to verify the first certificate
> > > verify return:1
> > >
> > > The server cert is issued by Verisign and the CN matches the machine
> > > name that I am trying to connect to.
> > >
> > > When I copy the server certificate on to my box and run openssl verify
> > > on that cert, I get similar (not exactly same) errors.
> > >
> > > I looked in resip code and found that there is some processing done with
> > > files with prefix domain_cert_, user_cert_ and root_cert_ but did not
> > > really understand what needs to be done.
> > >
> > > So my specific questions are:
> > >
> > > 1) How does resip verify server certs presented as part of TLS
> > > handshake? Where does it look for trusted issuers?
> > >
> > > 2) What is the difference between domain_cert_*.pem, user_cert_*.pem and
> > > root_cert_*.pem? How are they used?
> > >
> > > Any feedback, answers, suggestions and questions are welcome.
> > >
> > > Thanks
--
Sandeep Sharma <ssharma@xxxxxxxxxx>