In Chrome/Chromium some websites fail, due to: ERR_CERT_INVALID

[w0z33]

I have an interesting issue where only some websites fail to load, using Chrome or Chromium. All websites work using Firefox. For example:

• www.google.co.uk (works - no wildcard in certificate)
• www.google.com (works - wildcard in CN)
• news.google.com.au (fails - SNI matches wildcard in Subject Alternative Name: *.google.com.au)
• whatismyipaddress.com (fails - SNI matches wildcard in Subject Alternative Name)

The only common element I can see in the certificates, is that the ones that fail have a wildcard DNS in the Subject Alternative Name field. Or specifically the SNI matches a wildcard domain name in that field.
If the wildcard is in the Common Name field, it succeeds.

• Output of sslsplit -V :

SSLsplit 0.5.2-28-ged60370-dirty (built 2018-07-10)
Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DDEBUG_CERTIFICATE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.0g  2 Nov 2017 (1010007f)
rtlinked against OpenSSL 1.1.0g  2 Nov 2017 (1010007f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.8-stable
rtlinked against libevent 2.1.8-stable
1 CPU cores detected

• Output of uname -a

Linux vpn 4.15.0-23-generic #25-Ubuntu SMP Wed May 23 18:02:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

• Exact command line arguments used to run sslsplit

./sslsplit/sslsplit -D -k sslsplit/extra/pki/rsa.key -c sslsplit/extra/pki/rsa.pem -P http 0.0.0.0 8080 https 0.0.0.0 8443 

• NAT redirection rules you are using, if applicable

sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443

• DEBUG Output from https://whatismyipaddress.com/
  (file attached)
  sslsplit.debug.log

[droe]

Thank you for the high-quality bug report!

What is the exact version of NSS that Chrome/Chromium is using on your Linux box?

[droe]

My reading of Chromium's net/cert/cert_verify_proc_nss.cc:MapSecurityError() is that the following NSS errors are mapped to ERR_CERT_INVALID on Linux:

    case SEC_ERROR_BAD_DER:
    case SEC_ERROR_BAD_SIGNATURE:
    case SEC_ERROR_CERT_NOT_VALID:
    // TODO(port): add an ERR_CERT_WRONG_USAGE error code.
    case SEC_ERROR_CERT_USAGES_INVALID:
    case SEC_ERROR_INADEQUATE_KEY_USAGE:  // Key usage.
    case SEC_ERROR_INADEQUATE_CERT_TYPE:  // Extended key usage and whether
                                          // the certificate is a CA.
    case SEC_ERROR_POLICY_VALIDATION_FAILED:
    case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID:
    case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
    case SEC_ERROR_EXTENSION_VALUE_INVALID:
      return ERR_CERT_INVALID;

[droe]

I get NSS error SEC_ERROR_INADEQUATE_KEY_USAGE for news.google.com.au with Ubuntu 18.04 Chromium.

[droe]

My current best guess is the following. Servers using EC public keys don't set the Key Encipherment key usage; SSLsplit copies the key usage from the original certificate but uses RSA, resulting in a forged server certificate for RSA that has only Signing but not Key Encipherment key usage, which is treated by NSS as inadequate key usage.

[droe]

Implemented a candidate fix in branch issue/195, can you test drive that and let me know if that fixes the issue for you?

[w0z33]

Yes, that works. Thank you.
Attached is a log file of the same website as the above, https://whatismyipaddress.com, for comparison.
also working with pass-through: the google set of sites - https://news.google.com.au.
I'll do some further testing today.
sslsplit.debug.log
thanks.

[droe]

Merged issue/195 to develop. Let me know if there are still browser errors remaining, ideally with VPN setup ready for me to test directly, or with specific NSS error.