GnuTLS: full-chain OCSP stapling. Bug 1466
authorJeremy Harris <jgh146exb@wizmail.org>
Thu, 26 Sep 2019 18:28:53 +0000 (19:28 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Thu, 26 Sep 2019 18:34:09 +0000 (19:34 +0100)
16 files changed:
doc/doc-docbook/spec.xfpt
doc/doc-txt/NewStuff
src/src/tls-gnu.c
src/src/tls-openssl.c
test/aux-fixed/exim-ca/example.com/CA/CA.ocsp.signernocert.good.resp.pem [new file with mode: 0644]
test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.good.resp.pem [new file with mode: 0644]
test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.revoked.resp.pem [new file with mode: 0644]
test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt
test/aux-fixed/exim-ca/example.com/CA/index.valid.txt
test/aux-fixed/exim-ca/genall
test/aux-var-src/tls_conf_prefix
test/confs/5655 [moved from test/confs/5653 with 55% similarity]
test/log/5653 [deleted file]
test/log/5655 [new file with mode: 0644]
test/scripts/5655-OCSP-GnuTLS-1.3/5655 [new file with mode: 0644]
test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES [new file with mode: 0644]

index 5acdce0a67dfa34c37d99c546d8e2d98f0d4900b..118b7b5669d0d204e4647e713bb547e2cc2abfe9 100644 (file)
@@ -17836,7 +17836,15 @@ For GnuTLS 3.5.6 or later the expanded value of this option can be a list
 of files, to match a list given for the &%tls_certificate%& option.
 The ordering of the two lists must match.
 
-The file(s) should be in DER format
+.new
+The file(s) should be in DER format,
+except for GnuTLS 3.6.3 or later when an optional filetype prefix
+can be used.  The prefix must be one of "DER" or "PEM", followed by
+a single space.  If one is used it sets the format for subsequent
+files in the list; the initial format is DER.
+When a PEM format file is used it may contain multiple proofs,
+for multiple certificate chain element proofs under TLS1.3.
+.wen
 
 .option tls_on_connect_ports main "string list" unset
 .cindex SSMTP
index 8577f6d185c10d2cc4f3c86c6d50e40667785d47..a1534c55072734fb9ac6606a5fa96994063f0bb3 100644 (file)
@@ -35,6 +35,8 @@ Version 4.93
 
 11. Main options for DKIM verify to filter hash and key types.
 
+12. Under GnuTLS, with TLS1.3, support for full-chain OCSP stapling.
+
 
 Version 4.92
 --------------
index fce4b86472e891c69a4a6d059edda04187957c13..52128b940b922d2126bcfacba7eec949719e676c 100644 (file)
@@ -77,7 +77,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
 # define SUPPORT_SRV_OCSP_STACK
 #endif
 #if GNUTLS_VERSION_NUMBER >= 0x030603
+# define EXIM_HAVE_TLS1_3
 # define SUPPORT_GNUTLS_EXT_RAW_PARSE
+# define GNUTLS_OCSP_STATUS_REQUEST_GET2
 #endif
 
 #ifdef SUPPORT_DANE
@@ -115,6 +117,9 @@ options_tls(void)
 # ifdef EXPERIMENTAL_TLS_RESUME
 builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
 # endif
+# ifdef EXIM_HAVE_TLS1_3
+builtin_macro_create(US"_HAVE_TLS1_3");
+# endif
 }
 #else
 
@@ -886,7 +891,7 @@ tls_server_clienthello_ext(void * ctx, unsigned tls_id,
 /* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
 if (tls_id == 5)       /* status_request */
   {
-  DEBUG(D_tls) debug_printf("Seen status_request extension\n");
+  DEBUG(D_tls) debug_printf("Seen status_request extension from client\n");
   tls_in.ocsp = OCSP_NOT_RESP;
   }
 return 0;
@@ -901,15 +906,51 @@ tls_server_clienthello_cb(gnutls_session_t session, unsigned int htype,
 return gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg,
                           GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO);
 }
+
+
+/* Make a note that we saw a status-response */
+static int
+tls_server_servercerts_ext(void * ctx, unsigned tls_id,
+  const unsigned char *data, unsigned size)
+{
+/* debug_printf("%s %u\n", __FUNCTION__, tls_id); */
+/* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
+if (FALSE && tls_id == 5)      /* status_request */
+  {
+  DEBUG(D_tls) debug_printf("Seen status_request extension\n");
+  tls_in.ocsp = exim_testharness_disable_ocsp_validity_check
+    ? OCSP_VFY_NOT_TRIED : OCSP_VFIED; /* We know that GnuTLS verifies responses */
+  }
+return 0;
+}
+
+/* Callback for certificates packet, on server, if we think we might serve stapled-OCSP */
+static int
+tls_server_servercerts_cb(gnutls_session_t session, unsigned int htype,
+  unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
+{
+/* Call fn for each extension seen.  3.6.3 onwards */
+#ifdef notdef
+/*XXX crashes */
+return gnutls_ext_raw_parse(NULL, tls_server_servercerts_ext, msg, 0);
+#endif
+}
 #endif
 
+/*XXX in tls1.3 the cert-status travel as an extension next to the cert, in the
+ "Handshake Protocol: Certificate" record.
+So we need to spot the Certificate handshake message, parse it and spot any status_request extension(s)
+
+This is different to tls1.2 - where it is a separate record (wireshake term) / handshake message (gnutls term).
+*/
+
 #if defined(EXPERIMENTAL_TLS_RESUME) || defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
 /* Callback for certificate-status, on server. We sent stapled OCSP. */
 static int
 tls_server_certstatus_cb(gnutls_session_t session, unsigned int htype,
   unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
 {
-DEBUG(D_tls) debug_printf("Sending certificate-status\n");
+DEBUG(D_tls) debug_printf("Sending certificate-status\n");             /*XXX we get this for tls1.2 but not for 1.3 */
 #ifdef SUPPORT_SRV_OCSP_STACK
 tls_in.ocsp = exim_testharness_disable_ocsp_validity_check
   ? OCSP_VFY_NOT_TRIED : OCSP_VFIED;   /* We know that GnuTLS verifies responses */
@@ -924,11 +965,14 @@ static int
 tls_server_hook_cb(gnutls_session_t sess, u_int htype, unsigned when,
   unsigned incoming, const gnutls_datum_t * msg)
 {
+/* debug_printf("%s: htype %u\n", __FUNCTION__, htype); */
 switch (htype)
   {
 # ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
   case GNUTLS_HANDSHAKE_CLIENT_HELLO:
     return tls_server_clienthello_cb(sess, htype, when, incoming, msg);
+  case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+    return tls_server_servercerts_cb(sess, htype, when, incoming, msg);
 # endif
   case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
     return tls_server_certstatus_cb(sess, htype, when, incoming, msg);
@@ -1017,6 +1061,18 @@ if ((rc = gnutls_certificate_allocate_credentials(&state->x509_cred)))
 
 #ifdef SUPPORT_SRV_OCSP_STACK
 gnutls_certificate_set_flags(state->x509_cred, GNUTLS_CERTIFICATE_API_V2);
+
+# if !defined(DISABLE_OCSP) && defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
+if (!host && tls_ocsp_file)
+  {
+  if (f.running_in_test_harness)
+    tls_server_testharness_ocsp_fiddle();
+
+  if (exim_testharness_disable_ocsp_validity_check)
+    gnutls_certificate_set_flags(state->x509_cred,
+      GNUTLS_CERTIFICATE_API_V2 | GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK);
+  }
+# endif
 #endif
 
 /* remember: expand_check_tlsvar() is expand_check() but fiddling with
@@ -1044,7 +1100,7 @@ if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey, errstr))
 
 /* tls_privatekey is optional, defaulting to same file as certificate */
 
-if (state->tls_privatekey == NULL || *state->tls_privatekey == '\0')
+if (!state->tls_privatekey || !*state->tls_privatekey)
   {
   state->tls_privatekey = state->tls_certificate;
   state->exp_tls_privatekey = state->exp_tls_certificate;
@@ -1075,8 +1131,11 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
     const uschar * olist;
     int csep = 0, ksep = 0, osep = 0, cnt = 0;
     uschar * cfile, * kfile, * ofile;
-
 #ifndef DISABLE_OCSP
+# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
+    gnutls_x509_crt_fmt_t ocsp_fmt = GNUTLS_X509_FMT_DER;
+# endif
+
     if (!expand_check(tls_ocsp_file, US"tls_ocsp_file", &ofile, errstr))
       return DEFER;
     olist = ofile;
@@ -1091,13 +1150,13 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
       else
        {
        int gnutls_cert_index = -rc;
-       DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n", gnutls_cert_index, cfile);
-
-       /* Set the OCSP stapling server info */
+       DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n",
+                                 gnutls_cert_index, cfile);
 
 #ifndef DISABLE_OCSP
        if (tls_ocsp_file)
          {
+         /* Set the OCSP stapling server info */
          if (gnutls_buggy_ocsp)
            {
            DEBUG(D_tls)
@@ -1105,27 +1164,36 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
            }
          else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0)))
            {
-           DEBUG(D_tls) debug_printf("OCSP response file = %s\n", ofile);
-
+           DEBUG(D_tls) debug_printf("OCSP response file %d  = %s\n",
+                                     gnutls_cert_index, ofile);
 # ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
-           if (f.running_in_test_harness) tls_server_testharness_ocsp_fiddle();
-
-           if (!exim_testharness_disable_ocsp_validity_check)
+           if (Ustrncmp(ofile, US"PEM ", 4) == 0)
              {
-             if  ((rc = gnutls_certificate_set_ocsp_status_request_file2(
-                         state->x509_cred, CCS ofile, gnutls_cert_index,
-                         GNUTLS_X509_FMT_DER)) < 0)
-               return tls_error_gnu(
-                       US"gnutls_certificate_set_ocsp_status_request_file2",
-                       rc, host, errstr);
+             ocsp_fmt = GNUTLS_X509_FMT_PEM;
+             ofile += 4;
+             }
+           else if (Ustrncmp(ofile, US"DER ", 4) == 0)
+             {
+             ocsp_fmt = GNUTLS_X509_FMT_DER;
+             ofile += 4;
+             }
 
-             /* Arrange callbacks for OCSP request observability */
+           if  ((rc = gnutls_certificate_set_ocsp_status_request_file2(
+                     state->x509_cred, CCS ofile, gnutls_cert_index,
+                     ocsp_fmt)) < 0)
+             return tls_error_gnu(
+                     US"gnutls_certificate_set_ocsp_status_request_file2",
+                     rc, host, errstr);
+           DEBUG(D_tls)
+             debug_printf(" %d response%s loaded\n", rc, rc>1 ? "s":"");
 
-             gnutls_handshake_set_hook_function(state->session,
-               GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
-             }
-           else
-# elif defined(SUPPORT_SRV_OCSP_STACK)
+           /* Arrange callbacks for OCSP request observability */
+
+           gnutls_handshake_set_hook_function(state->session,
+             GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
+
+# else
+#  if defined(SUPPORT_SRV_OCSP_STACK)
            if ((rc = gnutls_certificate_set_ocsp_status_request_function2(
                         state->x509_cred, gnutls_cert_index,
                         server_ocsp_stapling_cb, ofile)))
@@ -1133,7 +1201,7 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
                      US"gnutls_certificate_set_ocsp_status_request_function2",
                      rc, host, errstr);
            else
-# endif
+#  endif
              {
              if (cnt++ > 0)
                {
@@ -1144,6 +1212,7 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
                gnutls_certificate_set_ocsp_status_request_function(
                  state->x509_cred, server_ocsp_stapling_cb, ofile);
              }
+# endif        /* SUPPORT_GNUTLS_EXT_RAW_PARSE */
            }
          else
            DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n");
@@ -2181,7 +2250,8 @@ post_handshake_debug(exim_gnutls_state_st * state)
 debug_printf("%s\n", gnutls_session_get_desc(state->session));
 #endif
 #ifdef SUPPORT_GNUTLS_KEYLOG
-# ifdef GNUTLS_TLS1_3
+
+# ifdef EXIM_HAVE_TLS1_3
 if (gnutls_protocol_get_version(state->session) < GNUTLS_TLS1_3)
 #else
 if (TRUE)
@@ -2201,7 +2271,8 @@ else
     " set environment variable SSLKEYLOGFILE to a filename writable by uid exim\n"
     " add SSLKEYLOGFILE to keep_environment in the exim config\n"
     " run exim as root\n"
-    " if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n");
+    " if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n"
+    " (works for TLS1.2 also, and saves cut-paste into file)\n");
 #endif
 }
 
@@ -2878,16 +2949,26 @@ if (request_ocsp)
     gnutls_datum_t stapling;
     gnutls_ocsp_resp_t resp;
     gnutls_datum_t printed;
-    if (  (rc= gnutls_ocsp_status_request_get(state->session, &stapling)) == 0
-       && (rc= gnutls_ocsp_resp_init(&resp)) == 0
-       && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0
-       && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &printed)) == 0
-       )
-      {
-      debug_printf("%.4096s", printed.data);
-      gnutls_free(printed.data);
-      }
-    else
+    unsigned idx = 0;
+
+    for (;
+# ifdef GNUTLS_OCSP_STATUS_REQUEST_GET2
+        (rc = gnutls_ocsp_status_request_get2(state->session, idx, &stapling)) == 0;
+#else
+        (rc = gnutls_ocsp_status_request_get(state->session, &stapling)) == 0;
+#endif
+        idx++)
+      if (  (rc= gnutls_ocsp_resp_init(&resp)) == 0
+        && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0
+        && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT, &printed)) == 0
+        )
+       {
+       debug_printf("%.4096s", printed.data);
+       gnutls_free(printed.data);
+       }
+      else
+       (void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr);
+    if (idx == 0 && rc)
       (void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr);
     }
 
index dc8729106af9147bb2ed71acb789e55b03189a16..a1dee6dd03f08394bab50bf6c67aa908a684e2f5 100644 (file)
@@ -261,6 +261,9 @@ for (struct exim_openssl_option * o = exim_openssl_options;
 # ifdef EXPERIMENTAL_TLS_RESUME
 builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
 # endif
+# ifdef SSL_OP_NO_TLSv1_3
+builtin_macro_create(US"_HAVE_TLS1_3");
+# endif
 }
 #else
 
diff --git a/test/aux-fixed/exim-ca/example.com/CA/CA.ocsp.signernocert.good.resp.pem b/test/aux-fixed/exim-ca/example.com/CA/CA.ocsp.signernocert.good.resp.pem
new file mode 100644 (file)
index 0000000..6b5d621
--- /dev/null
@@ -0,0 +1,31 @@
+OCSP Response Information:
+       Response Status: Successful
+       Response Type: Basic OCSP Response
+       Version: 1
+       Responder ID: CN=clica CA rsa,O=example.com
+       Produced At: Thu Sep 26 12:14:05 UTC 2019
+       Responses:
+               Certificate ID:
+                       Hash Algorithm: SHA256
+                       Issuer Name Hash: bfa7275a566efd4be2df82dbd9d1290d470186f6ff2acd8c16659f342ab56109
+                       Issuer Key Hash: 208f9d28c7c0bc914144dfa8c0be3d5b3bfcebb622c8a8dc27e865fc06ca0e12
+                       Serial Number: 41
+               Certificate Status: good
+               This Update: Thu Sep 26 12:14:05 UTC 2019
+               Next Update: Tue Sep 25 12:14:05 UTC 2029
+       Extensions:
+       Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----
+MIIB+goBAKCCAfMwggHvBgkrBgEFBQcwAQEEggHgMIIB3DCBxaEvMC0xFDASBgNV
+BAoTC2V4YW1wbGUuY29tMRUwEwYDVQQDEwxjbGljYSBDQSByc2EYDzIwMTkwOTI2
+MTIxNDA1WjCBgDB+MFYwDQYJYIZIAWUDBAIBBQAEIL+nJ1pWbv1L4t+C29nRKQ1H
+AYb2/yrNjBZlnzQqtWEJBCAgj50ox8C8kUFE36jAvj1bO/zrtiLIqNwn6GX8BsoO
+EgIBQYAAGA8yMDE5MDkyNjEyMTQwNVqgERgPMjAyOTA5MjUxMjE0MDVaMA0GCSqG
+SIb3DQEBCwUAA4IBAQAIVtY+mV3cbK0Z/itrRAJKrQGjWz4nUKK2t84KN/K/NxJd
+oDvgN9sp4qp8P0RDE/fwqDLTNp35/7vHPaSB5Bi+L6U2aUwz46LJsX0/q6DuprE+
+e6Z8rOrfycACBY18h8X3foCJwP3/Igon1B7ERbJHYKut77eXJh8EEpxQDxYaDdoj
+d0aFylyMjNH5Cm1nSkksC0islm5sk+ggEZjOnvM6y6ZzlPHl1nyI6TOWrTSoqm69
+mK2Gf9V59oHJPSM3OaVWL5OoUIZ57RrtDdxs3H3HO8QNPCSJY80Dk2uwpZICzYP3
+ko2KEu5rKChZ74PB59D6wAuUTEYdzF08s9waWL1m
+-----END OCSP RESPONSE-----
diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.good.resp.pem b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.good.resp.pem
new file mode 100644 (file)
index 0000000..5a44d61
--- /dev/null
@@ -0,0 +1,31 @@
+OCSP Response Information:
+       Response Status: Successful
+       Response Type: Basic OCSP Response
+       Version: 1
+       Responder ID: CN=clica CA rsa,O=example.com
+       Produced At: Wed Sep 25 16:52:00 UTC 2019
+       Responses:
+               Certificate ID:
+                       Hash Algorithm: SHA256
+                       Issuer Name Hash: bfa7275a566efd4be2df82dbd9d1290d470186f6ff2acd8c16659f342ab56109
+                       Issuer Key Hash: 208f9d28c7c0bc914144dfa8c0be3d5b3bfcebb622c8a8dc27e865fc06ca0e12
+                       Serial Number: 42
+               Certificate Status: good
+               This Update: Wed Sep 25 16:52:00 UTC 2019
+               Next Update: Mon Sep 24 16:52:00 UTC 2029
+       Extensions:
+       Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----
+MIIB+goBAKCCAfMwggHvBgkrBgEFBQcwAQEEggHgMIIB3DCBxaEvMC0xFDASBgNV
+BAoTC2V4YW1wbGUuY29tMRUwEwYDVQQDEwxjbGljYSBDQSByc2EYDzIwMTkwOTI1
+MTY1MjAwWjCBgDB+MFYwDQYJYIZIAWUDBAIBBQAEIL+nJ1pWbv1L4t+C29nRKQ1H
+AYb2/yrNjBZlnzQqtWEJBCAgj50ox8C8kUFE36jAvj1bO/zrtiLIqNwn6GX8BsoO
+EgIBQoAAGA8yMDE5MDkyNTE2NTIwMFqgERgPMjAyOTA5MjQxNjUyMDBaMA0GCSqG
+SIb3DQEBCwUAA4IBAQAD/6WpB4+oK4S81aIp48J0CPqqPkd2tMBaAHZQ+0FG2A9c
+8VPPjWfVhTYikeILbVukABNpcP5G3bWOiTrYK0bp2f+Wf3NQyiP+VXj0pGmnX4lI
+Jwwg0ZvejHddoU192DTYu+fjj80YVOv09VHoehLsnsYPe16nW+2Ul2eDJ5IQv1qo
+5PUjRqc1X8W0ixAR34zXnkO+tDbpkGtUo/WcGt0zVxmoqXwvWsEG65PN/OYS2rEu
+q5TkTweFZllPdNfRJAXHBlZf1ndA9XpTzp4U/RGlWHP4Mp92BH9Ry50admEvObCe
+ayhmuSWTc/8mrunDn+qidRFYccHtDTeoAy2XRnGA
+-----END OCSP RESPONSE-----
diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.revoked.resp.pem b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.revoked.resp.pem
new file mode 100644 (file)
index 0000000..dfbed04
--- /dev/null
@@ -0,0 +1,33 @@
+OCSP Response Information:
+       Response Status: Successful
+       Response Type: Basic OCSP Response
+       Version: 1
+       Responder ID: CN=clica CA rsa,O=example.com
+       Produced At: Thu Sep 26 07:51:09 UTC 2019
+       Responses:
+               Certificate ID:
+                       Hash Algorithm: SHA256
+                       Issuer Name Hash: bfa7275a566efd4be2df82dbd9d1290d470186f6ff2acd8c16659f342ab56109
+                       Issuer Key Hash: 208f9d28c7c0bc914144dfa8c0be3d5b3bfcebb622c8a8dc27e865fc06ca0e12
+                       Serial Number: 42
+               Certificate Status: revoked
+               Revocation time: Mon Feb 01 14:27:09 UTC 2010
+               This Update: Thu Sep 26 07:51:09 UTC 2019
+               Next Update: Tue Sep 25 07:51:09 UTC 2029
+       Extensions:
+       Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----
+MIICEQoBAKCCAgowggIGBgkrBgEFBQcwAQEEggH3MIIB8zCB3KEvMC0xFDASBgNV
+BAoTC2V4YW1wbGUuY29tMRUwEwYDVQQDEwxjbGljYSBDQSByc2EYDzIwMTkwOTI2
+MDc1MTA5WjCBlzCBlDBWMA0GCWCGSAFlAwQCAQUABCC/pydaVm79S+LfgtvZ0SkN
+RwGG9v8qzYwWZZ80KrVhCQQgII+dKMfAvJFBRN+owL49Wzv867YiyKjcJ+hl/AbK
+DhICAUKhFhgPMjAxMDAyMDExNDI3MDlaoAMKAQQYDzIwMTkwOTI2MDc1MTA5WqAR
+GA8yMDI5MDkyNTA3NTEwOVowDQYJKoZIhvcNAQELBQADggEBABxA6J6zKoEXgmgG
+/I1hZc08x4T8WibqkGhS/1hcq66STgqYY1m3GmaOHQiwHhxsZzAUfOp1wChNgRCI
+x2pFp5rsQCZPvSL244SaTRqSK6eFONnic+s7nND3b/DZuelx3Zq1y/vrg+WaNxxt
+HWC1sRk2c/jAMqdHbH5obXzWB88qN8dh9Xwi8VXYCFlKjlURa6q6z5b5jhPI1BDW
+oLK66ZIzSxryPGu/70EWUAAMub5NAMhGi0Vf1eoIl87PMKQRaGTkwgKe3KgqU+o9
+Oa15HFRL0iFaVBxdYEQyy/MW6iSA+1KiyqSpWEZxCvisKjUTVopx/BiVb9sEpvwE
+yRNnGe8=
+-----END OCSP RESPONSE-----
index d69d74d0c22d5d5ade4cbc6fed0a91bcecfc4cd9..4670f59f08d698353561c20c7812d48315609c5f 100644 (file)
@@ -4,3 +4,4 @@ R       130110200751Z   100201142709Z,superseded        67      unknown CN=expired1.example.com
 R      130110200751Z   100201142709Z,superseded        c9      unknown CN=server2.example.com
 R      130110200751Z   100201142709Z,superseded        ca      unknown CN=revoked2.example.com
 R      130110200751Z   100201142709Z,superseded        cb      unknown CN=expired2.example.com
+R      130110200751Z   100201142709Z,superseded        42      unknown CN=clica Signing Cert rsa
index 126acf7e4fd79e6f0f94f390d068d655d401734f..61dc8ac70412d38149b167716ed317a94ff56584 100644 (file)
@@ -4,3 +4,5 @@ V       130110200751Z           67      unknown CN=expired1.example.com
 V      130110200751Z           c9      unknown CN=server2.example.com
 V      130110200751Z           ca      unknown CN=revoked2.example.com
 V      130110200751Z           cb      unknown CN=expired2.example.com
+V      130110200751Z           42      unknown CN=clica Signing Cert rsa
+V      130110200751Z           41      unknown CN=clica CA rsa
index a5e51e3e5e21b4b161e109e5b40effe5666db422..9904cfa6f29a644ab400207d0cb5cc253c4b7c1b 100755 (executable)
@@ -26,6 +26,14 @@ do
     rm -fr "$idir"
 
     # create CA cert + templates
+    # -D  dir to work in
+    # -p  passwd for cert
+    # -B  keysize in bits
+    # -I  create CA cert
+    # -N  org name
+    # -F  create sub-signing cert
+    # -C CRL
+    # -O create OCSP responder cert
     clica $V -D "$idir" -p password -B 2048 -I -N $iname -F -C http://crl.$iname/latest.crl -O http://oscp.$iname/
 
     # create server certs
@@ -67,8 +75,15 @@ do
 
 ####
 
+ # so, for full-chain OCSP we sill want an OCSP resp for the Signer cert and also (?) one for the
+ # CA cert itself.  The existing bits below only create for the leaf certs, next layer down.
+ #
+ # First test will be just adding OCSP for the Signer cert. Presumably we could use the CA cert
+ # to sign that.
+
     # create OCSP reqs & resps
     CADIR=$idir/CA
+
     #give ourselves an OSCP key to work with
     pk12util -o $CADIR/OCSP.p12 -n 'OCSP Signer rsa' -d $CADIR -K password -W password
     openssl pkcs12 -in $CADIR/OCSP.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/OCSP.key
@@ -77,12 +92,17 @@ do
     pk12util -o $CADIR/Signer.p12 -n 'Signing Cert rsa' -d $CADIR -K password -W password
     openssl pkcs12 -in $CADIR/Signer.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/Signer.key
 
+    # ditto for CA
+    # - the "-n names" here appear to be hardcoded in clica
+    pk12util -o $CADIR/CA.p12 -n 'Certificate Authority rsa' -d $CADIR -K password -W password
+    openssl pkcs12 -in $CADIR/CA.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/CA.key
+
     # create some index files for the ocsp responder to work with
-# tab-sep
+# tab-sep, and fields can be empty
 # 0: Revoked/Expired/Valid letter
 # 1: Expiry date (ASN1_UTCTIME)
 # 2: Revocation date
-# 3: Serial no. (unique)
+# 3: Serial no. (unique, in hex)
 # 4: file
 # 5: DN, index
 
@@ -93,6 +113,8 @@ V    130110200751Z           67      unknown CN=expired1.$iname
 V      130110200751Z           c9      unknown CN=server2.$iname
 V      130110200751Z           ca      unknown CN=revoked2.$iname
 V      130110200751Z           cb      unknown CN=expired2.$iname
+V      130110200751Z           42      unknown CN=clica Signing Cert rsa
+V      130110200751Z           41      unknown CN=clica CA rsa
 EOF
     cat >$CADIR/index.revoked.txt <<EOF
 R      130110200751Z   100201142709Z,superseded        65      unknown CN=server1.$iname
@@ -101,9 +123,10 @@ R  130110200751Z   100201142709Z,superseded        67      unknown CN=expired1.$iname
 R      130110200751Z   100201142709Z,superseded        c9      unknown CN=server2.$iname
 R      130110200751Z   100201142709Z,superseded        ca      unknown CN=revoked2.$iname
 R      130110200751Z   100201142709Z,superseded        cb      unknown CN=expired2.$iname
+R      130110200751Z   100201142709Z,superseded        42      unknown CN=clica Signing Cert rsa
 EOF
 
-    # Now create all the ocsp requests and responses
+    # Now create all the ocsp requests and responses for the leaf certs
     IVALID="-index $CADIR/index.valid.txt"
     IREVOKED="-index $CADIR/index.revoked.txt"
 
@@ -116,6 +139,8 @@ EOF
        openssl ocsp -issuer $CADIR/Signer.pem -sha256 -cert $SPFX.pem -no_nonce -reqout $SPFX.ocsp.req
        REQIN="-reqin $SPFX.ocsp.req"
 
+       # These ones get used by the "traditional" testcases. OCSP resp signed by a cert which is
+       # signed by the signer of the leaf-cert being attested to.
        OGENCOMMON="-rsigner $CADIR/OCSP.pem -rkey $CADIR/OCSP.key -CA $CADIR/Signer.pem -noverify"
        openssl ocsp $IVALID   $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.good.resp
        openssl ocsp $IVALID   $OGENCOMMON -ndays 30   $REQIN -respout $SPFX.ocsp.dated.resp
@@ -126,11 +151,40 @@ EOF
        openssl ocsp $IVALID   $OGENCOMMON -ndays 30   $REQIN -respout $SPFX.ocsp.signer.dated.resp
        openssl ocsp $IREVOKED $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.signer.revoked.resp
 
+       # These ones get used by the "LetsEncrypt mode" testcases. OCSP resp is signed directly by the
+       # signer of the leaf-cert being attested to.
        OGENCOMMON="-rsigner $CADIR/Signer.pem -rkey $CADIR/Signer.key -CA $CADIR/Signer.pem -resp_no_certs -noverify"
        openssl ocsp $IVALID   $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.signernocert.good.resp
        openssl ocsp $IVALID   $OGENCOMMON -ndays 30   $REQIN -respout $SPFX.ocsp.signernocert.dated.resp
        openssl ocsp $IREVOKED $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.signernocert.revoked.resp
     done
+
+    # convert one good leaf-resp to PEM
+    $server=server1
+    RESP=$idir/$server.$iname/$server.$iname.ocsp.signernocert.good.resp
+    ocsptool -S $RESP -j > $RESP.pem
+
+    # Then, ocsp request and responses for the signer cert
+    REQ=$CADIR/Signer.ocsp.req
+    RESP=$CADIR/Signer.ocsp.signernocert.good.resp
+    openssl ocsp -issuer $CADIR/CA.pem -sha256 -cert $CADIR/Signer.pem -no_nonce -reqout $REQ
+    openssl ocsp $IVALID -rsigner $CADIR/CA.pem -rkey $CADIR/CA.key -CA $CADIR/CA.pem -resp_no_certs -noverify \
+       -ndays 3652 -reqin $REQ -respout $RESP
+    ocsptool -S $RESP -j > $RESP.pem
+
+    RESP=$CADIR/Signer.ocsp.signernocert.revoked.resp
+    openssl ocsp $IREVOKED -rsigner $CADIR/CA.pem -rkey $CADIR/CA.key -CA $CADIR/CA.pem -resp_no_certs -noverify \
+       -ndays 3652 -reqin $REQ -respout $RESP
+    ocsptool -S $RESP -j > $RESP.pem
+
+    # Then, ocsp request and response for the CA cert
+    REQ=$CADIR/CA.ocsp.req
+    RESP=$CADIR/CA.ocsp.signernocert.good.resp
+    openssl ocsp -issuer $CADIR/CA.pem -sha256 -cert $CADIR/CA.pem -no_nonce -reqout $REQ
+    openssl ocsp $IVALID -rsigner $CADIR/CA.pem -rkey $CADIR/CA.key -CA $CADIR/CA.pem -resp_no_certs -noverify \
+       -ndays 3652 -reqin $REQ -respout $RESP
+    ocsptool -S $RESP -j > $RESP.pem
+
 ####
 done
 
index 1c464f63e6d8ebc4c99c50c63b0e1b5803c99401..ad9501ed043c23ed7fb01051a2fa22938ffb40c2 100644 (file)
@@ -1,4 +1,4 @@
-keep_environment = PATH:SSLKEYLOGFILE
+keep_environment = PATH:SSLKEYLOGFILE:EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 spool_directory = DIR/spool
similarity index 55%
rename from test/confs/5653
rename to test/confs/5655
index 5b29f5b689db77394b9e2a0d60cd27967ec3dd2b..0f6fe1b98984ba0d37299046a82dcf93ea83e9a7 100644 (file)
@@ -1,5 +1,5 @@
-# Exim test configuration 5652
-# OCSP stapling, server, multiple certs
+# Exim test configuration 5655
+# OCSP stapling, server, multiple chain-element OCSP
 
 .include DIR/aux-var/tls_conf_prefix
 
@@ -7,6 +7,7 @@ primary_hostname = server1.example.com
 
 # ----- Main settings -----
 
+acl_smtp_connect = accept logwrite = ${env {SSLKEYLOGFILE}}
 acl_smtp_mail = check_mail
 acl_smtp_rcpt = check_recipient
 
@@ -21,15 +22,23 @@ CADIR = DIR/aux-fixed/exim-ca
 DRSA = CADIR/example.com
 DECDSA = CADIR/example_ec.com
 
-tls_certificate = DRSA/server1.example.com/server1.example.com.pem \
+tls_certificate = DRSA/server1.example.com/fullchain.pem \
              : DECDSA/server1.example_ec.com/server1.example_ec.com.pem
 tls_privatekey =  DRSA/server1.example.com/server1.example.com.unlocked.key \
              : DECDSA/server1.example_ec.com/server1.example_ec.com.unlocked.key
-tls_ocsp_file =   DRSA/server1.example.com/server1.example.com.ocsp.good.resp \
-             : DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp
 
+.ifndef CONTROL
+tls_ocsp_file =   PEM DIR/tmp/ocsp/triple.ocsp.pem \
+             : DER DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp
+.else
+tls_ocsp_file =   PEM DIR/tmp/ocsp/double_r.ocsp.pem \
+             : DER DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp
+.endif
 
-tls_require_ciphers = NORMAL:!VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.0
+
+.ifdef _HAVE_GNUTLS
+tls_require_ciphers = ${if eq {LIMIT}{TLS1.2} {NORMAL:!VERS-ALL:+VERS-TLS1.2} {}}
+.endif
 
 # ------ ACL ------
 
@@ -70,9 +79,22 @@ remote_delivery:
   driver =                     smtp
   port =                       PORT_D
   hosts_require_tls =          *
-  tls_require_ciphers =                OPT
+.ifdef _HAVE_GNUTLS
+
+  tls_require_ciphers =                ${if eq {LIMIT}{TLS1.2} \
+                                 {NONE:\
+                                   ${if eq {OPT}{rsa} \
+                                     {+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA} \
+                                     {+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+KX-ALL}}\
+                                 :+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509} \
+                                 {}}
+  tls_verify_certificates =    CADIR/\
+                                 ${if eq {OPT}{rsa} \
+                                   {example.com/server1.example.com} \
+                                   {example_ec.com/server1.example_ec.com}}\
+                               /ca_chain.pem
+.endif
   hosts_require_ocsp =         *
-  tls_verify_certificates =    CERT
   tls_verify_cert_hostnames =  :
 
 local_delivery:
diff --git a/test/log/5653 b/test/log/5653
deleted file mode 100644 (file)
index 82d2e7a..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-1999-03-02 09:44:33 1: Server sends good staple on request, to client requiring RSA auth
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => rsa.auth@test.ex R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-
-******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified)
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com
diff --git a/test/log/5655 b/test/log/5655
new file mode 100644 (file)
index 0000000..4cb16c2
--- /dev/null
@@ -0,0 +1,27 @@
+1999-03-02 09:44:33 1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 => rsa.auth@test.ex R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => rsa.auth@test.ex R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 3: TLS1.3 Server sends bad nonleaf staple, client detects it
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbB-0005vi-00 == rsa.auth@test.ex R=client T=remote_delivery defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed)
+1999-03-02 09:44:33 10HmbB-0005vi-00 ** rsa.auth@test.ex: retry timeout exceeded
+1999-03-02 09:44:33 10HmbB-0005vi-00 rsa.auth@test.ex: error ignored
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 
+1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified)
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 
+1999-03-02 09:44:33 acl_mail: ocsp in status: 1 (notresp)
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@server1.example.com
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 
+1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): The TLS connection was non-properly terminated.
diff --git a/test/scripts/5655-OCSP-GnuTLS-1.3/5655 b/test/scripts/5655-OCSP-GnuTLS-1.3/5655
new file mode 100644 (file)
index 0000000..25ebdfd
--- /dev/null
@@ -0,0 +1,59 @@
+# OCSP stapling, server, multiple chain-element OCSP
+#
+#
+#
+mkdir -p DIR/tmp/ocsp
+sudo chown -R EXIMUSER:EXIMGROUP tmp
+sudo chmod -R a+rwx DIR/tmp/ocsp
+perl
+chdir 'aux-fixed/exim-ca/example.com';
+system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.good.resp.pem CA/CA.ocsp.signernocert.good.resp.pem > DIR/tmp/ocsp/triple.ocsp.pem';
+system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.revoked.resp.pem > DIR/tmp/ocsp/double_r.ocsp.pem';
+****
+#
+#
+exim -z '1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth'
+****
+#
+exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.2
+****
+#
+exim -odf -DOPT=rsa -DLIMIT=TLS1.2 rsa.auth@test.ex
+Subject: test
+
+.
+****
+killdaemon
+#
+#
+exim -z '2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth'
+****
+#
+exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3
+****
+exim -odf -DOPT=rsa rsa.auth@test.ex
+Subject: test
+
+.
+****
+killdaemon
+#
+#
+#
+exim -z '3: TLS1.3 Server sends bad nonleaf staple, client detects it'
+****
+#
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 -DCONTROL=bad
+****
+exim -odf -DOPT=rsa rsa.auth@test.ex
+Subject: test
+
+.
+****
+killdaemon
+#
+#
+#
+#
+sudo rm -fr tmp/
+no_msglog_check
diff --git a/test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES b/test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES
new file mode 100644 (file)
index 0000000..ab5a972
--- /dev/null
@@ -0,0 +1,4 @@
+support GnuTLS
+support OCSP
+running IPv4
+feature _HAVE_TLS1_3