You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When SSL_CTX_use_serverinfo_file() is used to configure custom TLS extension data for an SSL_CTX, e.g. SCT data, and that SSL_CTX has been configured with multiple certificates via SSL_CTX_use_certificate(), strange things can happen.
To illustrate, assume a SSL_CTX which has been configured with a serverinfo file for TLS extension type 18, and two server certificates: first an RSA certificate, then an EC certificate. With such a server setup, using openssl s_client to request the configured TLS extension might work:
It turns out that by requesting the TLS extension type 18 in the handshake, the handshake fails for the first configured server certificate, but succeeds for the last configured server certificate.
Once this bug is fixed, another unexpected behavior surfaces: the TLS extension data is only returned when the last configured server certificate is used. It looks like this happens because SSL_CTX_use_serverinfo_file(), meant to configure the TLS extension data for the entire SSL_CTX, only copies that data into the currently configured cert (i.e.ctx->cert->key->serverinfo). But when TLS extension data is retrieved, it's done using the cert->pkeys array. Adding another server certificate adds another entry to the cert->pkeys array and changes ctx->cert->key, but does not copy/preserve any configured serverinfo data.
If no serverinfo extension is found in some cases, do not abort the handshake,
but simply omit/skip that extension.
Check for already-registered serverinfo callbacks during serverinfo
registration.
Update SSL_CTX_use_serverinfo() documentation to mention the need to reload the
same serverinfo per certificate, for servers with multiple server certificates.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
If no serverinfo extension is found in some cases, do not abort the handshake,
but simply omit/skip that extension.
Check for already-registered serverinfo callbacks during serverinfo
registration.
Update SSL_CTX_use_serverinfo() documentation to mention the need to reload the
same serverinfo per certificate, for servers with multiple server certificates.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
When
SSL_CTX_use_serverinfo_file()
is used to configure custom TLS extension data for anSSL_CTX
, e.g. SCT data, and thatSSL_CTX
has been configured with multiple certificates viaSSL_CTX_use_certificate()
, strange things can happen.To illustrate, assume a
SSL_CTX
which has been configured with a serverinfo file for TLS extension type 18, and two server certificates: first an RSA certificate, then an EC certificate. With such a server setup, usingopenssl s_client
to request the configured TLS extension might work:or it might not:
It turns out that by requesting the TLS extension type 18 in the handshake, the handshake fails for the first configured server certificate, but succeeds for the last configured server certificate.
Once this bug is fixed, another unexpected behavior surfaces: the TLS extension data is only returned when the last configured server certificate is used. It looks like this happens because
SSL_CTX_use_serverinfo_file()
, meant to configure the TLS extension data for the entireSSL_CTX
, only copies that data into the currently configured cert (i.e.ctx->cert->key->serverinfo
). But when TLS extension data is retrieved, it's done using thecert->pkeys
array. Adding another server certificate adds another entry to thecert->pkeys
array and changesctx->cert->key
, but does not copy/preserve any configuredserverinfo
data.This behavior was noticed as part of diagnosing this StackOverflow issue: http://serverfault.com/q/758482/253490
The text was updated successfully, but these errors were encountered: