|
|
6c1422 |
From 673adb0a7a21ca3a877ee03dc9e197d5be15a9d3 Mon Sep 17 00:00:00 2001
|
|
|
6c1422 |
From: Daniel Stenberg <daniel@haxx.se>
|
|
|
6c1422 |
Date: Mon, 2 Dec 2019 10:45:55 +0100
|
|
|
6c1422 |
Subject: [PATCH 1/3] openssl: set X509_V_FLAG_PARTIAL_CHAIN
|
|
|
6c1422 |
|
|
|
6c1422 |
Have intermediate certificates in the trust store be treated as
|
|
|
6c1422 |
trust-anchors, in the same way as self-signed root CA certificates
|
|
|
6c1422 |
are. This allows users to verify servers using the intermediate cert
|
|
|
6c1422 |
only, instead of needing the whole chain.
|
|
|
6c1422 |
|
|
|
6c1422 |
Other TLS backends already accept partial chains.
|
|
|
6c1422 |
|
|
|
6c1422 |
Reported-by: Jeffrey Walton
|
|
|
6c1422 |
Bug: https://curl.haxx.se/mail/lib-2019-11/0094.html
|
|
|
6c1422 |
|
|
|
6c1422 |
Upstream-commit: 94f1f771586913addf5c68f9219e176036c50115
|
|
|
6c1422 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
6c1422 |
---
|
|
|
6c1422 |
lib/vtls/openssl.c | 26 +++++++++++++++++---------
|
|
|
6c1422 |
1 file changed, 17 insertions(+), 9 deletions(-)
|
|
|
6c1422 |
|
|
|
6c1422 |
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
|
|
6c1422 |
index d8bcc4f..8e791b9 100644
|
|
|
6c1422 |
--- a/lib/vtls/openssl.c
|
|
|
6c1422 |
+++ b/lib/vtls/openssl.c
|
|
|
6c1422 |
@@ -2551,19 +2551,27 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|
|
6c1422 |
infof(data, " CRLfile: %s\n", ssl_crlfile);
|
|
|
6c1422 |
}
|
|
|
6c1422 |
|
|
|
6c1422 |
- /* Try building a chain using issuers in the trusted store first to avoid
|
|
|
6c1422 |
- problems with server-sent legacy intermediates.
|
|
|
6c1422 |
- Newer versions of OpenSSL do alternate chain checking by default which
|
|
|
6c1422 |
- gives us the same fix without as much of a performance hit (slight), so we
|
|
|
6c1422 |
- prefer that if available.
|
|
|
6c1422 |
- https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
|
|
|
6c1422 |
- */
|
|
|
6c1422 |
-#if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)
|
|
|
6c1422 |
if(verifypeer) {
|
|
|
6c1422 |
+ /* Try building a chain using issuers in the trusted store first to avoid
|
|
|
6c1422 |
+ problems with server-sent legacy intermediates. Newer versions of
|
|
|
6c1422 |
+ OpenSSL do alternate chain checking by default which gives us the same
|
|
|
6c1422 |
+ fix without as much of a performance hit (slight), so we prefer that if
|
|
|
6c1422 |
+ available.
|
|
|
6c1422 |
+ https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
|
|
|
6c1422 |
+ */
|
|
|
6c1422 |
+#if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)
|
|
|
6c1422 |
X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
|
|
|
6c1422 |
X509_V_FLAG_TRUSTED_FIRST);
|
|
|
6c1422 |
- }
|
|
|
6c1422 |
#endif
|
|
|
6c1422 |
+#ifdef X509_V_FLAG_PARTIAL_CHAIN
|
|
|
6c1422 |
+ /* Have intermediate certificates in the trust store be treated as
|
|
|
6c1422 |
+ trust-anchors, in the same way as self-signed root CA certificates
|
|
|
6c1422 |
+ are. This allows users to verify servers using the intermediate cert
|
|
|
6c1422 |
+ only, instead of needing the whole chain. */
|
|
|
6c1422 |
+ X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
|
|
|
6c1422 |
+ X509_V_FLAG_PARTIAL_CHAIN);
|
|
|
6c1422 |
+#endif
|
|
|
6c1422 |
+ }
|
|
|
6c1422 |
|
|
|
6c1422 |
/* SSL always tries to verify the peer, this only says whether it should
|
|
|
6c1422 |
* fail to connect if the verification fails, or if it should continue
|
|
|
6c1422 |
--
|
|
|
6c1422 |
2.26.2
|
|
|
6c1422 |
|
|
|
6c1422 |
|
|
|
6c1422 |
From b2e6e39b60e1722aecf250ff79a69867df5d3aa8 Mon Sep 17 00:00:00 2001
|
|
|
6c1422 |
From: Daniel Stenberg <daniel@haxx.se>
|
|
|
6c1422 |
Date: Mon, 2 Dec 2019 10:55:33 +0100
|
|
|
6c1422 |
Subject: [PATCH 2/3] openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial
|
|
|
6c1422 |
cert chains
|
|
|
6c1422 |
|
|
|
6c1422 |
Closes #4655
|
|
|
6c1422 |
|
|
|
6c1422 |
Upstream-commit: 564d88a8bd190a21b362d6da535fccf74d33394d
|
|
|
6c1422 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
6c1422 |
---
|
|
|
6c1422 |
docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 | 40 +++++++++++++------------
|
|
|
6c1422 |
docs/libcurl/symbols-in-versions | 1 +
|
|
|
6c1422 |
include/curl/curl.h | 4 +++
|
|
|
6c1422 |
lib/setopt.c | 1 +
|
|
|
6c1422 |
lib/urldata.h | 1 +
|
|
|
6c1422 |
lib/vtls/openssl.c | 14 +++++----
|
|
|
6c1422 |
6 files changed, 36 insertions(+), 25 deletions(-)
|
|
|
6c1422 |
|
|
|
6c1422 |
diff --git a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3
|
|
|
6c1422 |
index d781434..6286a64 100644
|
|
|
6c1422 |
--- a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3
|
|
|
6c1422 |
+++ b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3
|
|
|
6c1422 |
@@ -29,25 +29,27 @@ CURLOPT_SSL_OPTIONS \- set SSL behavior options
|
|
|
6c1422 |
|
|
|
6c1422 |
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask);
|
|
|
6c1422 |
.SH DESCRIPTION
|
|
|
6c1422 |
-Pass a long with a bitmask to tell libcurl about specific SSL behaviors.
|
|
|
6c1422 |
-
|
|
|
6c1422 |
-\fICURLSSLOPT_ALLOW_BEAST\fP tells libcurl to not attempt to use any
|
|
|
6c1422 |
-workarounds for a security flaw in the SSL3 and TLS1.0 protocols. If this
|
|
|
6c1422 |
-option isn't used or this bit is set to 0, the SSL layer libcurl uses may use a
|
|
|
6c1422 |
-work-around for this flaw although it might cause interoperability problems
|
|
|
6c1422 |
-with some (older) SSL implementations. WARNING: avoiding this work-around
|
|
|
6c1422 |
-lessens the security, and by setting this option to 1 you ask for exactly that.
|
|
|
6c1422 |
-This option is only supported for DarwinSSL, NSS and OpenSSL.
|
|
|
6c1422 |
-
|
|
|
6c1422 |
-Added in 7.44.0:
|
|
|
6c1422 |
-
|
|
|
6c1422 |
-\fICURLSSLOPT_NO_REVOKE\fP tells libcurl to disable certificate revocation
|
|
|
6c1422 |
-checks for those SSL backends where such behavior is present. \fBCurrently this
|
|
|
6c1422 |
-option is only supported for WinSSL (the native Windows SSL library), with an
|
|
|
6c1422 |
-exception in the case of Windows' Untrusted Publishers blacklist which it seems
|
|
|
6c1422 |
-can't be bypassed.\fP This option may have broader support to accommodate other
|
|
|
6c1422 |
-SSL backends in the future.
|
|
|
6c1422 |
-https://curl.haxx.se/docs/ssl-compared.html
|
|
|
6c1422 |
+Pass a long with a bitmask to tell libcurl about specific SSL
|
|
|
6c1422 |
+behaviors. Available bits:
|
|
|
6c1422 |
+.IP CURLSSLOPT_ALLOW_BEAST
|
|
|
6c1422 |
+Tells libcurl to not attempt to use any workarounds for a security flaw in the
|
|
|
6c1422 |
+SSL3 and TLS1.0 protocols. If this option isn't used or this bit is set to 0,
|
|
|
6c1422 |
+the SSL layer libcurl uses may use a work-around for this flaw although it
|
|
|
6c1422 |
+might cause interoperability problems with some (older) SSL
|
|
|
6c1422 |
+implementations. WARNING: avoiding this work-around lessens the security, and
|
|
|
6c1422 |
+by setting this option to 1 you ask for exactly that. This option is only
|
|
|
6c1422 |
+supported for DarwinSSL, NSS and OpenSSL.
|
|
|
6c1422 |
+.IP CURLSSLOPT_NO_REVOKE
|
|
|
6c1422 |
+Tells libcurl to disable certificate revocation checks for those SSL backends
|
|
|
6c1422 |
+where such behavior is present. This option is only supported for Schannel
|
|
|
6c1422 |
+(the native Windows SSL library), with an exception in the case of Windows'
|
|
|
6c1422 |
+Untrusted Publishers blacklist which it seems can't be bypassed. (Added in
|
|
|
6c1422 |
+7.44.0)
|
|
|
6c1422 |
+.IP CURLSSLOPT_NO_PARTIALCHAIN
|
|
|
6c1422 |
+Tells libcurl to not accept "partial" certificate chains, which it otherwise
|
|
|
6c1422 |
+does by default. This option is only supported for OpenSSL and will fail the
|
|
|
6c1422 |
+certificate verification if the chain ends with an intermediate certificate
|
|
|
6c1422 |
+and not with a root cert. (Added in 7.68.0)
|
|
|
6c1422 |
.SH DEFAULT
|
|
|
6c1422 |
0
|
|
|
6c1422 |
.SH PROTOCOLS
|
|
|
6c1422 |
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
|
|
|
6c1422 |
index 3b3861f..54923d0 100644
|
|
|
6c1422 |
--- a/docs/libcurl/symbols-in-versions
|
|
|
6c1422 |
+++ b/docs/libcurl/symbols-in-versions
|
|
|
6c1422 |
@@ -713,6 +713,7 @@ CURLSSLBACKEND_QSOSSL 7.34.0 - 7.38.1
|
|
|
6c1422 |
CURLSSLBACKEND_SCHANNEL 7.34.0
|
|
|
6c1422 |
CURLSSLBACKEND_WOLFSSL 7.49.0
|
|
|
6c1422 |
CURLSSLOPT_ALLOW_BEAST 7.25.0
|
|
|
6c1422 |
+CURLSSLOPT_NO_PARTIALCHAIN 7.68.0
|
|
|
6c1422 |
CURLSSLOPT_NO_REVOKE 7.44.0
|
|
|
6c1422 |
CURLSSLSET_NO_BACKENDS 7.56.0
|
|
|
6c1422 |
CURLSSLSET_OK 7.56.0
|
|
|
6c1422 |
diff --git a/include/curl/curl.h b/include/curl/curl.h
|
|
|
6c1422 |
index 8f473e2..75f9384 100644
|
|
|
6c1422 |
--- a/include/curl/curl.h
|
|
|
6c1422 |
+++ b/include/curl/curl.h
|
|
|
6c1422 |
@@ -795,6 +795,10 @@ typedef enum {
|
|
|
6c1422 |
SSL backends where such behavior is present. */
|
|
|
6c1422 |
#define CURLSSLOPT_NO_REVOKE (1<<1)
|
|
|
6c1422 |
|
|
|
6c1422 |
+/* - NO_PARTIALCHAIN tells libcurl to *NOT* accept a partial certificate chain
|
|
|
6c1422 |
+ if possible. The OpenSSL backend has this ability. */
|
|
|
6c1422 |
+#define CURLSSLOPT_NO_PARTIALCHAIN (1<<2)
|
|
|
6c1422 |
+
|
|
|
6c1422 |
/* The default connection attempt delay in milliseconds for happy eyeballs.
|
|
|
6c1422 |
CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3 and happy-eyeballs-timeout-ms.d document
|
|
|
6c1422 |
this value, keep them in sync. */
|
|
|
6c1422 |
diff --git a/lib/setopt.c b/lib/setopt.c
|
|
|
6c1422 |
index 5c5f4b3..4f04962 100644
|
|
|
6c1422 |
--- a/lib/setopt.c
|
|
|
6c1422 |
+++ b/lib/setopt.c
|
|
|
6c1422 |
@@ -2046,6 +2046,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
|
|
|
6c1422 |
arg = va_arg(param, long);
|
|
|
6c1422 |
data->set.ssl.enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE;
|
|
|
6c1422 |
data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
|
|
|
6c1422 |
+ data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
|
|
|
6c1422 |
break;
|
|
|
6c1422 |
|
|
|
6c1422 |
case CURLOPT_PROXY_SSL_OPTIONS:
|
|
|
6c1422 |
diff --git a/lib/urldata.h b/lib/urldata.h
|
|
|
6c1422 |
index 4b70cc5..c70290a 100644
|
|
|
6c1422 |
--- a/lib/urldata.h
|
|
|
6c1422 |
+++ b/lib/urldata.h
|
|
|
6c1422 |
@@ -235,6 +235,7 @@ struct ssl_config_data {
|
|
|
6c1422 |
bool enable_beast; /* especially allow this flaw for interoperability's
|
|
|
6c1422 |
sake*/
|
|
|
6c1422 |
bool no_revoke; /* disable SSL certificate revocation checks */
|
|
|
6c1422 |
+ bool no_partialchain; /* don't accept partial certificate chains */
|
|
|
6c1422 |
long certverifyresult; /* result from the certificate verification */
|
|
|
6c1422 |
char *CRLfile; /* CRL to check certificate revocation */
|
|
|
6c1422 |
char *issuercert;/* optional issuer certificate filename */
|
|
|
6c1422 |
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
|
|
6c1422 |
index 8e791b9..87f6c4c 100644
|
|
|
6c1422 |
--- a/lib/vtls/openssl.c
|
|
|
6c1422 |
+++ b/lib/vtls/openssl.c
|
|
|
6c1422 |
@@ -2564,12 +2564,14 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|
|
6c1422 |
X509_V_FLAG_TRUSTED_FIRST);
|
|
|
6c1422 |
#endif
|
|
|
6c1422 |
#ifdef X509_V_FLAG_PARTIAL_CHAIN
|
|
|
6c1422 |
- /* Have intermediate certificates in the trust store be treated as
|
|
|
6c1422 |
- trust-anchors, in the same way as self-signed root CA certificates
|
|
|
6c1422 |
- are. This allows users to verify servers using the intermediate cert
|
|
|
6c1422 |
- only, instead of needing the whole chain. */
|
|
|
6c1422 |
- X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
|
|
|
6c1422 |
- X509_V_FLAG_PARTIAL_CHAIN);
|
|
|
6c1422 |
+ if(!SSL_SET_OPTION(no_partialchain)) {
|
|
|
6c1422 |
+ /* Have intermediate certificates in the trust store be treated as
|
|
|
6c1422 |
+ trust-anchors, in the same way as self-signed root CA certificates
|
|
|
6c1422 |
+ are. This allows users to verify servers using the intermediate cert
|
|
|
6c1422 |
+ only, instead of needing the whole chain. */
|
|
|
6c1422 |
+ X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
|
|
|
6c1422 |
+ X509_V_FLAG_PARTIAL_CHAIN);
|
|
|
6c1422 |
+ }
|
|
|
6c1422 |
#endif
|
|
|
6c1422 |
}
|
|
|
6c1422 |
|
|
|
6c1422 |
--
|
|
|
6c1422 |
2.26.2
|
|
|
6c1422 |
|
|
|
6c1422 |
|
|
|
6c1422 |
From d149ba12f302e5275b408d82ffb349eac16b9226 Mon Sep 17 00:00:00 2001
|
|
|
6c1422 |
From: Daniel Stenberg <daniel@haxx.se>
|
|
|
6c1422 |
Date: Mon, 11 May 2020 23:00:31 +0200
|
|
|
6c1422 |
Subject: [PATCH 3/3] OpenSSL: have CURLOPT_CRLFILE imply
|
|
|
6c1422 |
CURLSSLOPT_NO_PARTIALCHAIN
|
|
|
6c1422 |
|
|
|
6c1422 |
... to avoid an OpenSSL bug that otherwise makes the CRL check to fail.
|
|
|
6c1422 |
|
|
|
6c1422 |
Reported-by: Michael Kaufmann
|
|
|
6c1422 |
Fixes #5374
|
|
|
6c1422 |
Closes #5376
|
|
|
6c1422 |
|
|
|
6c1422 |
Upstream-commit: 81a54b12c631e8126e3eb484c74040b991e78f0c
|
|
|
6c1422 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
6c1422 |
---
|
|
|
6c1422 |
docs/libcurl/opts/CURLOPT_CRLFILE.3 | 13 ++++++++-----
|
|
|
6c1422 |
lib/vtls/openssl.c | 8 ++++++--
|
|
|
6c1422 |
2 files changed, 14 insertions(+), 7 deletions(-)
|
|
|
6c1422 |
|
|
|
6c1422 |
diff --git a/docs/libcurl/opts/CURLOPT_CRLFILE.3 b/docs/libcurl/opts/CURLOPT_CRLFILE.3
|
|
|
6c1422 |
index 080caa7..f111585 100644
|
|
|
6c1422 |
--- a/docs/libcurl/opts/CURLOPT_CRLFILE.3
|
|
|
6c1422 |
+++ b/docs/libcurl/opts/CURLOPT_CRLFILE.3
|
|
|
6c1422 |
@@ -5,7 +5,7 @@
|
|
|
6c1422 |
.\" * | (__| |_| | _ <| |___
|
|
|
6c1422 |
.\" * \___|\___/|_| \_\_____|
|
|
|
6c1422 |
.\" *
|
|
|
6c1422 |
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
|
6c1422 |
+.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
|
6c1422 |
.\" *
|
|
|
6c1422 |
.\" * This software is licensed as described in the file COPYING, which
|
|
|
6c1422 |
.\" * you should have received as part of this distribution. The terms
|
|
|
6c1422 |
@@ -34,10 +34,13 @@ concatenation of CRL (in PEM format) to use in the certificate validation that
|
|
|
6c1422 |
occurs during the SSL exchange.
|
|
|
6c1422 |
|
|
|
6c1422 |
When curl is built to use NSS or GnuTLS, there is no way to influence the use
|
|
|
6c1422 |
-of CRL passed to help in the verification process. When libcurl is built with
|
|
|
6c1422 |
-OpenSSL support, X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL are both
|
|
|
6c1422 |
-set, requiring CRL check against all the elements of the certificate chain if
|
|
|
6c1422 |
-a CRL file is passed.
|
|
|
6c1422 |
+of CRL passed to help in the verification process.
|
|
|
6c1422 |
+
|
|
|
6c1422 |
+When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and
|
|
|
6c1422 |
+X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all the
|
|
|
6c1422 |
+elements of the certificate chain if a CRL file is passed. Also note that
|
|
|
6c1422 |
+\fICURLOPT_CRLFILE(3)\fP will imply \fBCURLSSLOPT_NO_PARTIALCHAIN\fP (see
|
|
|
6c1422 |
+\fICURLOPT_SSL_OPTIONS(3)\fP) since curl 7.71.0 due to an OpenSSL bug.
|
|
|
6c1422 |
|
|
|
6c1422 |
This option makes sense only when used in combination with the
|
|
|
6c1422 |
\fICURLOPT_SSL_VERIFYPEER(3)\fP option.
|
|
|
6c1422 |
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
|
|
6c1422 |
index 87f6c4c..9476773 100644
|
|
|
6c1422 |
--- a/lib/vtls/openssl.c
|
|
|
6c1422 |
+++ b/lib/vtls/openssl.c
|
|
|
6c1422 |
@@ -2564,11 +2564,15 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|
|
6c1422 |
X509_V_FLAG_TRUSTED_FIRST);
|
|
|
6c1422 |
#endif
|
|
|
6c1422 |
#ifdef X509_V_FLAG_PARTIAL_CHAIN
|
|
|
6c1422 |
- if(!SSL_SET_OPTION(no_partialchain)) {
|
|
|
6c1422 |
+ if(!SSL_SET_OPTION(no_partialchain) && !ssl_crlfile) {
|
|
|
6c1422 |
/* Have intermediate certificates in the trust store be treated as
|
|
|
6c1422 |
trust-anchors, in the same way as self-signed root CA certificates
|
|
|
6c1422 |
are. This allows users to verify servers using the intermediate cert
|
|
|
6c1422 |
- only, instead of needing the whole chain. */
|
|
|
6c1422 |
+ only, instead of needing the whole chain.
|
|
|
6c1422 |
+
|
|
|
6c1422 |
+ Due to OpenSSL bug https://github.com/openssl/openssl/issues/5081 we
|
|
|
6c1422 |
+ cannot do partial chains with CRL check.
|
|
|
6c1422 |
+ */
|
|
|
6c1422 |
X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
|
|
|
6c1422 |
X509_V_FLAG_PARTIAL_CHAIN);
|
|
|
6c1422 |
}
|
|
|
6c1422 |
--
|
|
|
6c1422 |
2.26.2
|
|
|
6c1422 |
|