New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ECDSA + Must-Staple = Internal server error #1706

Closed
osirisinferi opened this Issue Apr 6, 2016 · 7 comments

Comments

Projects
None yet
3 participants
@osirisinferi

When requesting an ECDSA public key CSR with the Must-Staple feature extension enabled, Boulder response with an internal server error:

2016-04-06 23:03:24,443:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-cert HTTP/1.1" 500 88
2016-04-06 23:03:24,446:DEBUG:root:Received <Response [500]>. Headers: {'Content-Length': '88', 'Expires': 'Wed, 06 Apr 2016 21:03:24 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 06 Apr 2016 21:03:24 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'mllf74XIoDB8L1foH8h_p3el0bqApHigY_Hn6v9OKcA'}. Content: '{"type":"urn:acme:error:serverInternal","detail":"Error creating new cert","status":500}'

When I generate the same CSR (simple bash script), but with genrsa key generation in stead of ecparam (i.e., RSA in stead of ECDSA), all works like a charm, including the Must-Staple feature in the generated (staging) certificate.

Also, generating an ECDSA certificate without the Must-Staple feature works like a charm too.

So:

RSA: fine
ECDSA: fine
RSA with must-staple: fine
ECDSA with must staple: internal server error..

Could it be this line generating the error? https://github.com/letsencrypt/boulder/blob/master/ra/registration-authority.go#L590

Unfortunately, internal server errors aren't very helpful for debugging from the client sides perspective..

@jsha

This comment has been minimized.

Show comment
Hide comment
@jsha

jsha Apr 7, 2016

Contributor

Excellent bug-finding, thanks! If you run against a local Boulder, you get this in the logs:

23:51:21 boulder-ca ERR [AUDIT] Signing failed: serial=[ff56f6ab5dd4c6b3f3dbf7557fff2afd6c86] err=[{"code":1300,"message":"Invalid certificate request"}]

This is because we only added the must staple extension to allowed_extensions for the rsa profile in boulder-config.json, not the ecdsa one. Will fix before sending to prod.

Thanks,
Jacob

Contributor

jsha commented Apr 7, 2016

Excellent bug-finding, thanks! If you run against a local Boulder, you get this in the logs:

23:51:21 boulder-ca ERR [AUDIT] Signing failed: serial=[ff56f6ab5dd4c6b3f3dbf7557fff2afd6c86] err=[{"code":1300,"message":"Invalid certificate request"}]

This is because we only added the must staple extension to allowed_extensions for the rsa profile in boulder-config.json, not the ecdsa one. Will fix before sending to prod.

Thanks,
Jacob

@osirisinferi

This comment has been minimized.

Show comment
Hide comment
@osirisinferi

osirisinferi Apr 7, 2016

Credits go to tlussnig for mentioning the bug first.. 😄

One question though: is internal server error the right error message when the Must-Staple extension isn't allowed at all? Or should this also get some more meaningful error message? Or perhaps some configuration part was missing at all in the ECDSA profile, leading to this error. I.e., when properly configured not to enable must-staple, would it generate a meaningful error message at this time?

Credits go to tlussnig for mentioning the bug first.. 😄

One question though: is internal server error the right error message when the Must-Staple extension isn't allowed at all? Or should this also get some more meaningful error message? Or perhaps some configuration part was missing at all in the ECDSA profile, leading to this error. I.e., when properly configured not to enable must-staple, would it generate a meaningful error message at this time?

@SkateScout

This comment has been minimized.

Show comment
Hide comment
@SkateScout

SkateScout Apr 7, 2016

If i understand the extension correctly it is not called "must-stable". The extension have an list of integers that tell the client these are the list that the server have to support. So it would be no problem instead of only tell the client that 5:=ocsp-staple is supported. but also include

  • 16 := Application Layer Protocol Negotiation
  • 18 := SignedCertificateTimestamp (Certificate Transparency)
    Would this also be allowed? And if not is there an better error message ?

MIICozCCAYsCAQAwGTEXMBUGA1UEAxMOdGVzdC5zdWNoZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+x8CAoEgIif9JPV5srEnEmwTY+Cu4gsDoy319AFDAMkPmellypZIw5sBc8eg+tfAN2hu+5jrWm8oIfvUAAXHZ/SIyfFlg0NCC7U6tK/z0o48BopE4VXBVISz9qQU9AIhJBK8BF04mqCa/31jG+JdTvQrcMvF4cIVXXkwQLNdwH/3H/BAiYUNxCl8gvG7FF5nlfiQcc9CrE7/dUODtxcraItOsT1u/LZrg6UWbu5uRjy56iyUOvnNXYF2BPFSb7QXN1htUKbdesFFXNiktgF/5m5Rltomo22SLWHQaKP7+7TBQe3fZ4sc+NJ9yT+KuErTg0ha9PQTp8+Jn9MsrEBaLAgMBAAGgRTBDBgkqhkiG9w0BCQ4xNjA0MBcGCCsGAQUFBwEYBAswCQIBBQIBEAIBEjAZBgNVHREEEjAQgg50ZXN0LnN1Y2hlLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAd96aTAt3eZAv3TnkKWinNHfzCrDgGdnO+w9efM7ZcmehwDXmJ6PyRCnOZCbeKIWpZT/LkmJrYUbxedVLMmmLAZcGiDwTerFnjEiUk9PTKxbqHhCHSYy0BsPD+GjBS1DQ86gIbpDOQSvYo6ydK6fCEKZ/o528cnIwtB2oqfxY3FuwmjFxnISR6vHoDTGFr3CI7zzahGX0qRJwsjvepjuvu23kAqlMo4UVjiOEhZwqAOVoQ48x7nLKkfb83FDcCEgvoFpsaZdS0XUMaMX8a5Z44BkqQO1CYqFgdoZbsVXRCKBIwp35E03Q0JxdEHWuy2/raUGB4lN9gR9XGbgNXhKs4g==

In this CSR i added ALPN and SCT as constraint that the server have to support but is is not accepted. But this time with some better error than the error with ECDSA.
Error creating new cert :: Unsupported value for extension with OID 1.3.6.1.5.5.7.1.24

If i understand the extension correctly it is not called "must-stable". The extension have an list of integers that tell the client these are the list that the server have to support. So it would be no problem instead of only tell the client that 5:=ocsp-staple is supported. but also include

  • 16 := Application Layer Protocol Negotiation
  • 18 := SignedCertificateTimestamp (Certificate Transparency)
    Would this also be allowed? And if not is there an better error message ?

MIICozCCAYsCAQAwGTEXMBUGA1UEAxMOdGVzdC5zdWNoZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+x8CAoEgIif9JPV5srEnEmwTY+Cu4gsDoy319AFDAMkPmellypZIw5sBc8eg+tfAN2hu+5jrWm8oIfvUAAXHZ/SIyfFlg0NCC7U6tK/z0o48BopE4VXBVISz9qQU9AIhJBK8BF04mqCa/31jG+JdTvQrcMvF4cIVXXkwQLNdwH/3H/BAiYUNxCl8gvG7FF5nlfiQcc9CrE7/dUODtxcraItOsT1u/LZrg6UWbu5uRjy56iyUOvnNXYF2BPFSb7QXN1htUKbdesFFXNiktgF/5m5Rltomo22SLWHQaKP7+7TBQe3fZ4sc+NJ9yT+KuErTg0ha9PQTp8+Jn9MsrEBaLAgMBAAGgRTBDBgkqhkiG9w0BCQ4xNjA0MBcGCCsGAQUFBwEYBAswCQIBBQIBEAIBEjAZBgNVHREEEjAQgg50ZXN0LnN1Y2hlLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAd96aTAt3eZAv3TnkKWinNHfzCrDgGdnO+w9efM7ZcmehwDXmJ6PyRCnOZCbeKIWpZT/LkmJrYUbxedVLMmmLAZcGiDwTerFnjEiUk9PTKxbqHhCHSYy0BsPD+GjBS1DQ86gIbpDOQSvYo6ydK6fCEKZ/o528cnIwtB2oqfxY3FuwmjFxnISR6vHoDTGFr3CI7zzahGX0qRJwsjvepjuvu23kAqlMo4UVjiOEhZwqAOVoQ48x7nLKkfb83FDcCEgvoFpsaZdS0XUMaMX8a5Z44BkqQO1CYqFgdoZbsVXRCKBIwp35E03Q0JxdEHWuy2/raUGB4lN9gR9XGbgNXhKs4g==

In this CSR i added ALPN and SCT as constraint that the server have to support but is is not accepted. But this time with some better error than the error with ECDSA.
Error creating new cert :: Unsupported value for extension with OID 1.3.6.1.5.5.7.1.24

@jsha

This comment has been minimized.

Show comment
Hide comment
@jsha

jsha Apr 7, 2016

Contributor

You are correct. The extension is more properly called TLS Feature, but that's an awkward name, and AFAIK the only supported value is for stapling, so we colloquially call it "Must Staple."

Contributor

jsha commented Apr 7, 2016

You are correct. The extension is more properly called TLS Feature, but that's an awkward name, and AFAIK the only supported value is for stapling, so we colloquially call it "Must Staple."

@SkateScout

This comment has been minimized.

Show comment
Hide comment
@SkateScout

SkateScout Apr 7, 2016

https://tools.ietf.org/html/rfc7633
"SMI Security for PKIX Certificate Extension" 1.3.6.1.5.5.7.1

  • 24 := id-pe-tlsfeature
    Point 4.* Descripe the Syntax and how it should be intepreted.
    There is no place that say the Features (SEQUENCE OF INTEGER)
    Should be limited to one Integer with the value 5.

I am fully aware that in the introduction only OCSP is mentioned
as an usecase. But in the technical part it is not limted to these
use case.

https://tools.ietf.org/html/rfc7633
"SMI Security for PKIX Certificate Extension" 1.3.6.1.5.5.7.1

  • 24 := id-pe-tlsfeature
    Point 4.* Descripe the Syntax and how it should be intepreted.
    There is no place that say the Features (SEQUENCE OF INTEGER)
    Should be limited to one Integer with the value 5.

I am fully aware that in the introduction only OCSP is mentioned
as an usecase. But in the technical part it is not limted to these
use case.

@osirisinferi

This comment has been minimized.

Show comment
Hide comment
@osirisinferi

osirisinferi Apr 9, 2016

While in theory that's true, even browsers are currently only supporting Must-Staple: https://hg.mozilla.org/mozilla-central/rev/801655542a12 (euh, I mean, Firefox, because other browsers aren't implementing TLS Feature Extension at all as far as I know...)

While in theory that's true, even browsers are currently only supporting Must-Staple: https://hg.mozilla.org/mozilla-central/rev/801655542a12 (euh, I mean, Firefox, because other browsers aren't implementing TLS Feature Extension at all as far as I know...)

@jsha

This comment has been minimized.

Show comment
Hide comment
@jsha

jsha May 24, 2016

Contributor

Must Staple is now live in production.

Contributor

jsha commented May 24, 2016

Must Staple is now live in production.

@jsha jsha closed this May 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment