From: Jeremy Harris Date: Thu, 26 Sep 2019 18:28:53 +0000 (+0100) Subject: GnuTLS: full-chain OCSP stapling. Bug 1466 X-Git-Tag: exim-4.93-RC0~46 X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=e326959e5e455e1b46124b023e0b202e4892e501;p=exim.git GnuTLS: full-chain OCSP stapling. Bug 1466 --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 5acdce0a6..118b7b566 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17836,7 +17836,15 @@ For GnuTLS 3.5.6 or later the expanded value of this option can be a list of files, to match a list given for the &%tls_certificate%& option. The ordering of the two lists must match. -The file(s) should be in DER format +.new +The file(s) should be in DER format, +except for GnuTLS 3.6.3 or later when an optional filetype prefix +can be used. The prefix must be one of "DER" or "PEM", followed by +a single space. If one is used it sets the format for subsequent +files in the list; the initial format is DER. +When a PEM format file is used it may contain multiple proofs, +for multiple certificate chain element proofs under TLS1.3. +.wen .option tls_on_connect_ports main "string list" unset .cindex SSMTP diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 8577f6d18..a1534c550 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -35,6 +35,8 @@ Version 4.93 11. Main options for DKIM verify to filter hash and key types. +12. Under GnuTLS, with TLS1.3, support for full-chain OCSP stapling. + Version 4.92 -------------- diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index fce4b8647..52128b940 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -77,7 +77,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries). # define SUPPORT_SRV_OCSP_STACK #endif #if GNUTLS_VERSION_NUMBER >= 0x030603 +# define EXIM_HAVE_TLS1_3 # define SUPPORT_GNUTLS_EXT_RAW_PARSE +# define GNUTLS_OCSP_STATUS_REQUEST_GET2 #endif #ifdef SUPPORT_DANE @@ -115,6 +117,9 @@ options_tls(void) # ifdef EXPERIMENTAL_TLS_RESUME builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING ); # endif +# ifdef EXIM_HAVE_TLS1_3 +builtin_macro_create(US"_HAVE_TLS1_3"); +# endif } #else @@ -886,7 +891,7 @@ tls_server_clienthello_ext(void * ctx, unsigned tls_id, /* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */ if (tls_id == 5) /* status_request */ { - DEBUG(D_tls) debug_printf("Seen status_request extension\n"); + DEBUG(D_tls) debug_printf("Seen status_request extension from client\n"); tls_in.ocsp = OCSP_NOT_RESP; } return 0; @@ -901,15 +906,51 @@ tls_server_clienthello_cb(gnutls_session_t session, unsigned int htype, return gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg, GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO); } + + +/* Make a note that we saw a status-response */ +static int +tls_server_servercerts_ext(void * ctx, unsigned tls_id, + const unsigned char *data, unsigned size) +{ +/* debug_printf("%s %u\n", __FUNCTION__, tls_id); */ +/* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */ +if (FALSE && tls_id == 5) /* status_request */ + { + DEBUG(D_tls) debug_printf("Seen status_request extension\n"); + tls_in.ocsp = exim_testharness_disable_ocsp_validity_check + ? OCSP_VFY_NOT_TRIED : OCSP_VFIED; /* We know that GnuTLS verifies responses */ + } +return 0; +} + +/* Callback for certificates packet, on server, if we think we might serve stapled-OCSP */ +static int +tls_server_servercerts_cb(gnutls_session_t session, unsigned int htype, + unsigned when, unsigned int incoming, const gnutls_datum_t * msg) +{ +/* Call fn for each extension seen. 3.6.3 onwards */ +#ifdef notdef +/*XXX crashes */ +return gnutls_ext_raw_parse(NULL, tls_server_servercerts_ext, msg, 0); +#endif +} #endif +/*XXX in tls1.3 the cert-status travel as an extension next to the cert, in the + "Handshake Protocol: Certificate" record. +So we need to spot the Certificate handshake message, parse it and spot any status_request extension(s) + +This is different to tls1.2 - where it is a separate record (wireshake term) / handshake message (gnutls term). +*/ + #if defined(EXPERIMENTAL_TLS_RESUME) || defined(SUPPORT_GNUTLS_EXT_RAW_PARSE) /* Callback for certificate-status, on server. We sent stapled OCSP. */ static int tls_server_certstatus_cb(gnutls_session_t session, unsigned int htype, unsigned when, unsigned int incoming, const gnutls_datum_t * msg) { -DEBUG(D_tls) debug_printf("Sending certificate-status\n"); +DEBUG(D_tls) debug_printf("Sending certificate-status\n"); /*XXX we get this for tls1.2 but not for 1.3 */ #ifdef SUPPORT_SRV_OCSP_STACK tls_in.ocsp = exim_testharness_disable_ocsp_validity_check ? OCSP_VFY_NOT_TRIED : OCSP_VFIED; /* We know that GnuTLS verifies responses */ @@ -924,11 +965,14 @@ static int tls_server_hook_cb(gnutls_session_t sess, u_int htype, unsigned when, unsigned incoming, const gnutls_datum_t * msg) { +/* debug_printf("%s: htype %u\n", __FUNCTION__, htype); */ switch (htype) { # ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE case GNUTLS_HANDSHAKE_CLIENT_HELLO: return tls_server_clienthello_cb(sess, htype, when, incoming, msg); + case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: + return tls_server_servercerts_cb(sess, htype, when, incoming, msg); # endif case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: return tls_server_certstatus_cb(sess, htype, when, incoming, msg); @@ -1017,6 +1061,18 @@ if ((rc = gnutls_certificate_allocate_credentials(&state->x509_cred))) #ifdef SUPPORT_SRV_OCSP_STACK gnutls_certificate_set_flags(state->x509_cred, GNUTLS_CERTIFICATE_API_V2); + +# if !defined(DISABLE_OCSP) && defined(SUPPORT_GNUTLS_EXT_RAW_PARSE) +if (!host && tls_ocsp_file) + { + if (f.running_in_test_harness) + tls_server_testharness_ocsp_fiddle(); + + if (exim_testharness_disable_ocsp_validity_check) + gnutls_certificate_set_flags(state->x509_cred, + GNUTLS_CERTIFICATE_API_V2 | GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); + } +# endif #endif /* remember: expand_check_tlsvar() is expand_check() but fiddling with @@ -1044,7 +1100,7 @@ if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey, errstr)) /* tls_privatekey is optional, defaulting to same file as certificate */ -if (state->tls_privatekey == NULL || *state->tls_privatekey == '\0') +if (!state->tls_privatekey || !*state->tls_privatekey) { state->tls_privatekey = state->tls_certificate; state->exp_tls_privatekey = state->exp_tls_certificate; @@ -1075,8 +1131,11 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) const uschar * olist; int csep = 0, ksep = 0, osep = 0, cnt = 0; uschar * cfile, * kfile, * ofile; - #ifndef DISABLE_OCSP +# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE + gnutls_x509_crt_fmt_t ocsp_fmt = GNUTLS_X509_FMT_DER; +# endif + if (!expand_check(tls_ocsp_file, US"tls_ocsp_file", &ofile, errstr)) return DEFER; olist = ofile; @@ -1091,13 +1150,13 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) else { int gnutls_cert_index = -rc; - DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n", gnutls_cert_index, cfile); - - /* Set the OCSP stapling server info */ + DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n", + gnutls_cert_index, cfile); #ifndef DISABLE_OCSP if (tls_ocsp_file) { + /* Set the OCSP stapling server info */ if (gnutls_buggy_ocsp) { DEBUG(D_tls) @@ -1105,27 +1164,36 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) } else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0))) { - DEBUG(D_tls) debug_printf("OCSP response file = %s\n", ofile); - + DEBUG(D_tls) debug_printf("OCSP response file %d = %s\n", + gnutls_cert_index, ofile); # ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE - if (f.running_in_test_harness) tls_server_testharness_ocsp_fiddle(); - - if (!exim_testharness_disable_ocsp_validity_check) + if (Ustrncmp(ofile, US"PEM ", 4) == 0) { - if ((rc = gnutls_certificate_set_ocsp_status_request_file2( - state->x509_cred, CCS ofile, gnutls_cert_index, - GNUTLS_X509_FMT_DER)) < 0) - return tls_error_gnu( - US"gnutls_certificate_set_ocsp_status_request_file2", - rc, host, errstr); + ocsp_fmt = GNUTLS_X509_FMT_PEM; + ofile += 4; + } + else if (Ustrncmp(ofile, US"DER ", 4) == 0) + { + ocsp_fmt = GNUTLS_X509_FMT_DER; + ofile += 4; + } - /* Arrange callbacks for OCSP request observability */ + if ((rc = gnutls_certificate_set_ocsp_status_request_file2( + state->x509_cred, CCS ofile, gnutls_cert_index, + ocsp_fmt)) < 0) + return tls_error_gnu( + US"gnutls_certificate_set_ocsp_status_request_file2", + rc, host, errstr); + DEBUG(D_tls) + debug_printf(" %d response%s loaded\n", rc, rc>1 ? "s":""); - gnutls_handshake_set_hook_function(state->session, - GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb); - } - else -# elif defined(SUPPORT_SRV_OCSP_STACK) + /* Arrange callbacks for OCSP request observability */ + + gnutls_handshake_set_hook_function(state->session, + GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb); + +# else +# if defined(SUPPORT_SRV_OCSP_STACK) if ((rc = gnutls_certificate_set_ocsp_status_request_function2( state->x509_cred, gnutls_cert_index, server_ocsp_stapling_cb, ofile))) @@ -1133,7 +1201,7 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) US"gnutls_certificate_set_ocsp_status_request_function2", rc, host, errstr); else -# endif +# endif { if (cnt++ > 0) { @@ -1144,6 +1212,7 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) gnutls_certificate_set_ocsp_status_request_function( state->x509_cred, server_ocsp_stapling_cb, ofile); } +# endif /* SUPPORT_GNUTLS_EXT_RAW_PARSE */ } else DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n"); @@ -2181,7 +2250,8 @@ post_handshake_debug(exim_gnutls_state_st * state) debug_printf("%s\n", gnutls_session_get_desc(state->session)); #endif #ifdef SUPPORT_GNUTLS_KEYLOG -# ifdef GNUTLS_TLS1_3 + +# ifdef EXIM_HAVE_TLS1_3 if (gnutls_protocol_get_version(state->session) < GNUTLS_TLS1_3) #else if (TRUE) @@ -2201,7 +2271,8 @@ else " set environment variable SSLKEYLOGFILE to a filename writable by uid exim\n" " add SSLKEYLOGFILE to keep_environment in the exim config\n" " run exim as root\n" - " if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n"); + " if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n" + " (works for TLS1.2 also, and saves cut-paste into file)\n"); #endif } @@ -2878,16 +2949,26 @@ if (request_ocsp) gnutls_datum_t stapling; gnutls_ocsp_resp_t resp; gnutls_datum_t printed; - if ( (rc= gnutls_ocsp_status_request_get(state->session, &stapling)) == 0 - && (rc= gnutls_ocsp_resp_init(&resp)) == 0 - && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0 - && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &printed)) == 0 - ) - { - debug_printf("%.4096s", printed.data); - gnutls_free(printed.data); - } - else + unsigned idx = 0; + + for (; +# ifdef GNUTLS_OCSP_STATUS_REQUEST_GET2 + (rc = gnutls_ocsp_status_request_get2(state->session, idx, &stapling)) == 0; +#else + (rc = gnutls_ocsp_status_request_get(state->session, &stapling)) == 0; +#endif + idx++) + if ( (rc= gnutls_ocsp_resp_init(&resp)) == 0 + && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0 + && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT, &printed)) == 0 + ) + { + debug_printf("%.4096s", printed.data); + gnutls_free(printed.data); + } + else + (void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr); + if (idx == 0 && rc) (void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr); } diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index dc8729106..a1dee6dd0 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -261,6 +261,9 @@ for (struct exim_openssl_option * o = exim_openssl_options; # ifdef EXPERIMENTAL_TLS_RESUME builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING ); # endif +# ifdef SSL_OP_NO_TLSv1_3 +builtin_macro_create(US"_HAVE_TLS1_3"); +# endif } #else diff --git a/test/aux-fixed/exim-ca/example.com/CA/CA.ocsp.signernocert.good.resp.pem b/test/aux-fixed/exim-ca/example.com/CA/CA.ocsp.signernocert.good.resp.pem new file mode 100644 index 000000000..6b5d6217e --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/CA.ocsp.signernocert.good.resp.pem @@ -0,0 +1,31 @@ +OCSP Response Information: + Response Status: Successful + Response Type: Basic OCSP Response + Version: 1 + Responder ID: CN=clica CA rsa,O=example.com + Produced At: Thu Sep 26 12:14:05 UTC 2019 + Responses: + Certificate ID: + Hash Algorithm: SHA256 + Issuer Name Hash: bfa7275a566efd4be2df82dbd9d1290d470186f6ff2acd8c16659f342ab56109 + Issuer Key Hash: 208f9d28c7c0bc914144dfa8c0be3d5b3bfcebb622c8a8dc27e865fc06ca0e12 + Serial Number: 41 + Certificate Status: good + This Update: Thu Sep 26 12:14:05 UTC 2019 + Next Update: Tue Sep 25 12:14:05 UTC 2029 + Extensions: + Signature Algorithm: RSA-SHA256 + +-----BEGIN OCSP RESPONSE----- +MIIB+goBAKCCAfMwggHvBgkrBgEFBQcwAQEEggHgMIIB3DCBxaEvMC0xFDASBgNV +BAoTC2V4YW1wbGUuY29tMRUwEwYDVQQDEwxjbGljYSBDQSByc2EYDzIwMTkwOTI2 +MTIxNDA1WjCBgDB+MFYwDQYJYIZIAWUDBAIBBQAEIL+nJ1pWbv1L4t+C29nRKQ1H +AYb2/yrNjBZlnzQqtWEJBCAgj50ox8C8kUFE36jAvj1bO/zrtiLIqNwn6GX8BsoO +EgIBQYAAGA8yMDE5MDkyNjEyMTQwNVqgERgPMjAyOTA5MjUxMjE0MDVaMA0GCSqG +SIb3DQEBCwUAA4IBAQAIVtY+mV3cbK0Z/itrRAJKrQGjWz4nUKK2t84KN/K/NxJd +oDvgN9sp4qp8P0RDE/fwqDLTNp35/7vHPaSB5Bi+L6U2aUwz46LJsX0/q6DuprE+ +e6Z8rOrfycACBY18h8X3foCJwP3/Igon1B7ERbJHYKut77eXJh8EEpxQDxYaDdoj +d0aFylyMjNH5Cm1nSkksC0islm5sk+ggEZjOnvM6y6ZzlPHl1nyI6TOWrTSoqm69 +mK2Gf9V59oHJPSM3OaVWL5OoUIZ57RrtDdxs3H3HO8QNPCSJY80Dk2uwpZICzYP3 +ko2KEu5rKChZ74PB59D6wAuUTEYdzF08s9waWL1m +-----END OCSP RESPONSE----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.good.resp.pem b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.good.resp.pem new file mode 100644 index 000000000..5a44d61af --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.good.resp.pem @@ -0,0 +1,31 @@ +OCSP Response Information: + Response Status: Successful + Response Type: Basic OCSP Response + Version: 1 + Responder ID: CN=clica CA rsa,O=example.com + Produced At: Wed Sep 25 16:52:00 UTC 2019 + Responses: + Certificate ID: + Hash Algorithm: SHA256 + Issuer Name Hash: bfa7275a566efd4be2df82dbd9d1290d470186f6ff2acd8c16659f342ab56109 + Issuer Key Hash: 208f9d28c7c0bc914144dfa8c0be3d5b3bfcebb622c8a8dc27e865fc06ca0e12 + Serial Number: 42 + Certificate Status: good + This Update: Wed Sep 25 16:52:00 UTC 2019 + Next Update: Mon Sep 24 16:52:00 UTC 2029 + Extensions: + Signature Algorithm: RSA-SHA256 + +-----BEGIN OCSP RESPONSE----- +MIIB+goBAKCCAfMwggHvBgkrBgEFBQcwAQEEggHgMIIB3DCBxaEvMC0xFDASBgNV +BAoTC2V4YW1wbGUuY29tMRUwEwYDVQQDEwxjbGljYSBDQSByc2EYDzIwMTkwOTI1 +MTY1MjAwWjCBgDB+MFYwDQYJYIZIAWUDBAIBBQAEIL+nJ1pWbv1L4t+C29nRKQ1H +AYb2/yrNjBZlnzQqtWEJBCAgj50ox8C8kUFE36jAvj1bO/zrtiLIqNwn6GX8BsoO +EgIBQoAAGA8yMDE5MDkyNTE2NTIwMFqgERgPMjAyOTA5MjQxNjUyMDBaMA0GCSqG +SIb3DQEBCwUAA4IBAQAD/6WpB4+oK4S81aIp48J0CPqqPkd2tMBaAHZQ+0FG2A9c +8VPPjWfVhTYikeILbVukABNpcP5G3bWOiTrYK0bp2f+Wf3NQyiP+VXj0pGmnX4lI +Jwwg0ZvejHddoU192DTYu+fjj80YVOv09VHoehLsnsYPe16nW+2Ul2eDJ5IQv1qo +5PUjRqc1X8W0ixAR34zXnkO+tDbpkGtUo/WcGt0zVxmoqXwvWsEG65PN/OYS2rEu +q5TkTweFZllPdNfRJAXHBlZf1ndA9XpTzp4U/RGlWHP4Mp92BH9Ry50admEvObCe +ayhmuSWTc/8mrunDn+qidRFYccHtDTeoAy2XRnGA +-----END OCSP RESPONSE----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.revoked.resp.pem b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.revoked.resp.pem new file mode 100644 index 000000000..dfbed044e --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/Signer.ocsp.signernocert.revoked.resp.pem @@ -0,0 +1,33 @@ +OCSP Response Information: + Response Status: Successful + Response Type: Basic OCSP Response + Version: 1 + Responder ID: CN=clica CA rsa,O=example.com + Produced At: Thu Sep 26 07:51:09 UTC 2019 + Responses: + Certificate ID: + Hash Algorithm: SHA256 + Issuer Name Hash: bfa7275a566efd4be2df82dbd9d1290d470186f6ff2acd8c16659f342ab56109 + Issuer Key Hash: 208f9d28c7c0bc914144dfa8c0be3d5b3bfcebb622c8a8dc27e865fc06ca0e12 + Serial Number: 42 + Certificate Status: revoked + Revocation time: Mon Feb 01 14:27:09 UTC 2010 + This Update: Thu Sep 26 07:51:09 UTC 2019 + Next Update: Tue Sep 25 07:51:09 UTC 2029 + Extensions: + Signature Algorithm: RSA-SHA256 + +-----BEGIN OCSP RESPONSE----- +MIICEQoBAKCCAgowggIGBgkrBgEFBQcwAQEEggH3MIIB8zCB3KEvMC0xFDASBgNV +BAoTC2V4YW1wbGUuY29tMRUwEwYDVQQDEwxjbGljYSBDQSByc2EYDzIwMTkwOTI2 +MDc1MTA5WjCBlzCBlDBWMA0GCWCGSAFlAwQCAQUABCC/pydaVm79S+LfgtvZ0SkN +RwGG9v8qzYwWZZ80KrVhCQQgII+dKMfAvJFBRN+owL49Wzv867YiyKjcJ+hl/AbK +DhICAUKhFhgPMjAxMDAyMDExNDI3MDlaoAMKAQQYDzIwMTkwOTI2MDc1MTA5WqAR +GA8yMDI5MDkyNTA3NTEwOVowDQYJKoZIhvcNAQELBQADggEBABxA6J6zKoEXgmgG +/I1hZc08x4T8WibqkGhS/1hcq66STgqYY1m3GmaOHQiwHhxsZzAUfOp1wChNgRCI +x2pFp5rsQCZPvSL244SaTRqSK6eFONnic+s7nND3b/DZuelx3Zq1y/vrg+WaNxxt +HWC1sRk2c/jAMqdHbH5obXzWB88qN8dh9Xwi8VXYCFlKjlURa6q6z5b5jhPI1BDW +oLK66ZIzSxryPGu/70EWUAAMub5NAMhGi0Vf1eoIl87PMKQRaGTkwgKe3KgqU+o9 +Oa15HFRL0iFaVBxdYEQyy/MW6iSA+1KiyqSpWEZxCvisKjUTVopx/BiVb9sEpvwE +yRNnGe8= +-----END OCSP RESPONSE----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt b/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt index d69d74d0c..4670f59f0 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt +++ b/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt @@ -4,3 +4,4 @@ R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.example.com R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.example.com R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.example.com R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.example.com +R 130110200751Z 100201142709Z,superseded 42 unknown CN=clica Signing Cert rsa diff --git a/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt b/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt index 126acf7e4..61dc8ac70 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt +++ b/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt @@ -4,3 +4,5 @@ V 130110200751Z 67 unknown CN=expired1.example.com V 130110200751Z c9 unknown CN=server2.example.com V 130110200751Z ca unknown CN=revoked2.example.com V 130110200751Z cb unknown CN=expired2.example.com +V 130110200751Z 42 unknown CN=clica Signing Cert rsa +V 130110200751Z 41 unknown CN=clica CA rsa diff --git a/test/aux-fixed/exim-ca/genall b/test/aux-fixed/exim-ca/genall index a5e51e3e5..9904cfa6f 100755 --- a/test/aux-fixed/exim-ca/genall +++ b/test/aux-fixed/exim-ca/genall @@ -26,6 +26,14 @@ do rm -fr "$idir" # create CA cert + templates + # -D dir to work in + # -p passwd for cert + # -B keysize in bits + # -I create CA cert + # -N org name + # -F create sub-signing cert + # -C CRL + # -O create OCSP responder cert clica $V -D "$idir" -p password -B 2048 -I -N $iname -F -C http://crl.$iname/latest.crl -O http://oscp.$iname/ # create server certs @@ -67,8 +75,15 @@ do #### + # so, for full-chain OCSP we sill want an OCSP resp for the Signer cert and also (?) one for the + # CA cert itself. The existing bits below only create for the leaf certs, next layer down. + # + # First test will be just adding OCSP for the Signer cert. Presumably we could use the CA cert + # to sign that. + # create OCSP reqs & resps CADIR=$idir/CA + #give ourselves an OSCP key to work with pk12util -o $CADIR/OCSP.p12 -n 'OCSP Signer rsa' -d $CADIR -K password -W password openssl pkcs12 -in $CADIR/OCSP.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/OCSP.key @@ -77,12 +92,17 @@ do pk12util -o $CADIR/Signer.p12 -n 'Signing Cert rsa' -d $CADIR -K password -W password openssl pkcs12 -in $CADIR/Signer.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/Signer.key + # ditto for CA + # - the "-n names" here appear to be hardcoded in clica + pk12util -o $CADIR/CA.p12 -n 'Certificate Authority rsa' -d $CADIR -K password -W password + openssl pkcs12 -in $CADIR/CA.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/CA.key + # create some index files for the ocsp responder to work with -# tab-sep +# tab-sep, and fields can be empty # 0: Revoked/Expired/Valid letter # 1: Expiry date (ASN1_UTCTIME) # 2: Revocation date -# 3: Serial no. (unique) +# 3: Serial no. (unique, in hex) # 4: file # 5: DN, index @@ -93,6 +113,8 @@ V 130110200751Z 67 unknown CN=expired1.$iname V 130110200751Z c9 unknown CN=server2.$iname V 130110200751Z ca unknown CN=revoked2.$iname V 130110200751Z cb unknown CN=expired2.$iname +V 130110200751Z 42 unknown CN=clica Signing Cert rsa +V 130110200751Z 41 unknown CN=clica CA rsa EOF cat >$CADIR/index.revoked.txt < $RESP.pem + + # Then, ocsp request and responses for the signer cert + REQ=$CADIR/Signer.ocsp.req + RESP=$CADIR/Signer.ocsp.signernocert.good.resp + openssl ocsp -issuer $CADIR/CA.pem -sha256 -cert $CADIR/Signer.pem -no_nonce -reqout $REQ + openssl ocsp $IVALID -rsigner $CADIR/CA.pem -rkey $CADIR/CA.key -CA $CADIR/CA.pem -resp_no_certs -noverify \ + -ndays 3652 -reqin $REQ -respout $RESP + ocsptool -S $RESP -j > $RESP.pem + + RESP=$CADIR/Signer.ocsp.signernocert.revoked.resp + openssl ocsp $IREVOKED -rsigner $CADIR/CA.pem -rkey $CADIR/CA.key -CA $CADIR/CA.pem -resp_no_certs -noverify \ + -ndays 3652 -reqin $REQ -respout $RESP + ocsptool -S $RESP -j > $RESP.pem + + # Then, ocsp request and response for the CA cert + REQ=$CADIR/CA.ocsp.req + RESP=$CADIR/CA.ocsp.signernocert.good.resp + openssl ocsp -issuer $CADIR/CA.pem -sha256 -cert $CADIR/CA.pem -no_nonce -reqout $REQ + openssl ocsp $IVALID -rsigner $CADIR/CA.pem -rkey $CADIR/CA.key -CA $CADIR/CA.pem -resp_no_certs -noverify \ + -ndays 3652 -reqin $REQ -respout $RESP + ocsptool -S $RESP -j > $RESP.pem + #### done diff --git a/test/aux-var-src/tls_conf_prefix b/test/aux-var-src/tls_conf_prefix index 1c464f63e..ad9501ed0 100644 --- a/test/aux-var-src/tls_conf_prefix +++ b/test/aux-var-src/tls_conf_prefix @@ -1,4 +1,4 @@ -keep_environment = PATH:SSLKEYLOGFILE +keep_environment = PATH:SSLKEYLOGFILE:EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK exim_path = EXIM_PATH host_lookup_order = bydns spool_directory = DIR/spool diff --git a/test/confs/5653 b/test/confs/5655 similarity index 55% rename from test/confs/5653 rename to test/confs/5655 index 5b29f5b68..0f6fe1b98 100644 --- a/test/confs/5653 +++ b/test/confs/5655 @@ -1,5 +1,5 @@ -# Exim test configuration 5652 -# OCSP stapling, server, multiple certs +# Exim test configuration 5655 +# OCSP stapling, server, multiple chain-element OCSP .include DIR/aux-var/tls_conf_prefix @@ -7,6 +7,7 @@ primary_hostname = server1.example.com # ----- Main settings ----- +acl_smtp_connect = accept logwrite = ${env {SSLKEYLOGFILE}} acl_smtp_mail = check_mail acl_smtp_rcpt = check_recipient @@ -21,15 +22,23 @@ CADIR = DIR/aux-fixed/exim-ca DRSA = CADIR/example.com DECDSA = CADIR/example_ec.com -tls_certificate = DRSA/server1.example.com/server1.example.com.pem \ +tls_certificate = DRSA/server1.example.com/fullchain.pem \ : DECDSA/server1.example_ec.com/server1.example_ec.com.pem tls_privatekey = DRSA/server1.example.com/server1.example.com.unlocked.key \ : DECDSA/server1.example_ec.com/server1.example_ec.com.unlocked.key -tls_ocsp_file = DRSA/server1.example.com/server1.example.com.ocsp.good.resp \ - : DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp +.ifndef CONTROL +tls_ocsp_file = PEM DIR/tmp/ocsp/triple.ocsp.pem \ + : DER DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp +.else +tls_ocsp_file = PEM DIR/tmp/ocsp/double_r.ocsp.pem \ + : DER DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp +.endif -tls_require_ciphers = NORMAL:!VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.0 + +.ifdef _HAVE_GNUTLS +tls_require_ciphers = ${if eq {LIMIT}{TLS1.2} {NORMAL:!VERS-ALL:+VERS-TLS1.2} {}} +.endif # ------ ACL ------ @@ -70,9 +79,22 @@ remote_delivery: driver = smtp port = PORT_D hosts_require_tls = * - tls_require_ciphers = OPT +.ifdef _HAVE_GNUTLS + + tls_require_ciphers = ${if eq {LIMIT}{TLS1.2} \ + {NONE:\ + ${if eq {OPT}{rsa} \ + {+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA} \ + {+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+KX-ALL}}\ + :+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509} \ + {}} + tls_verify_certificates = CADIR/\ + ${if eq {OPT}{rsa} \ + {example.com/server1.example.com} \ + {example_ec.com/server1.example_ec.com}}\ + /ca_chain.pem +.endif hosts_require_ocsp = * - tls_verify_certificates = CERT tls_verify_cert_hostnames = : local_delivery: diff --git a/test/log/5653 b/test/log/5653 deleted file mode 100644 index 82d2e7aeb..000000000 --- a/test/log/5653 +++ /dev/null @@ -1,9 +0,0 @@ -1999-03-02 09:44:33 1: Server sends good staple on request, to client requiring RSA auth -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => rsa.auth@test.ex R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified) -1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com diff --git a/test/log/5655 b/test/log/5655 new file mode 100644 index 000000000..4cb16c24c --- /dev/null +++ b/test/log/5655 @@ -0,0 +1,27 @@ +1999-03-02 09:44:33 1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => rsa.auth@test.ex R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => rsa.auth@test.ex R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 3: TLS1.3 Server sends bad nonleaf staple, client detects it +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 == rsa.auth@test.ex R=client T=remote_delivery defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed) +1999-03-02 09:44:33 10HmbB-0005vi-00 ** rsa.auth@test.ex: retry timeout exceeded +1999-03-02 09:44:33 10HmbB-0005vi-00 rsa.auth@test.ex: error ignored +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 +1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified) +1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 +1999-03-02 09:44:33 acl_mail: ocsp in status: 1 (notresp) +1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): The TLS connection was non-properly terminated. diff --git a/test/scripts/5655-OCSP-GnuTLS-1.3/5655 b/test/scripts/5655-OCSP-GnuTLS-1.3/5655 new file mode 100644 index 000000000..25ebdfd6b --- /dev/null +++ b/test/scripts/5655-OCSP-GnuTLS-1.3/5655 @@ -0,0 +1,59 @@ +# OCSP stapling, server, multiple chain-element OCSP +# +# +# +mkdir -p DIR/tmp/ocsp +sudo chown -R EXIMUSER:EXIMGROUP tmp +sudo chmod -R a+rwx DIR/tmp/ocsp +perl +chdir 'aux-fixed/exim-ca/example.com'; +system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.good.resp.pem CA/CA.ocsp.signernocert.good.resp.pem > DIR/tmp/ocsp/triple.ocsp.pem'; +system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.revoked.resp.pem > DIR/tmp/ocsp/double_r.ocsp.pem'; +**** +# +# +exim -z '1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth' +**** +# +exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.2 +**** +# +exim -odf -DOPT=rsa -DLIMIT=TLS1.2 rsa.auth@test.ex +Subject: test + +. +**** +killdaemon +# +# +exim -z '2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth' +**** +# +exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 +**** +exim -odf -DOPT=rsa rsa.auth@test.ex +Subject: test + +. +**** +killdaemon +# +# +# +exim -z '3: TLS1.3 Server sends bad nonleaf staple, client detects it' +**** +# +EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 -DCONTROL=bad +**** +exim -odf -DOPT=rsa rsa.auth@test.ex +Subject: test + +. +**** +killdaemon +# +# +# +# +sudo rm -fr tmp/ +no_msglog_check diff --git a/test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES b/test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES new file mode 100644 index 000000000..ab5a9721d --- /dev/null +++ b/test/scripts/5655-OCSP-GnuTLS-1.3/REQUIRES @@ -0,0 +1,4 @@ +support GnuTLS +support OCSP +running IPv4 +feature _HAVE_TLS1_3