[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7064) moznss SEC_ERROR_BAD_SIGNATURE with a certificate trusted by OpenSSL

To: openldap-its@OpenLDAP.org
Subject: (ITS#7064) moznss SEC_ERROR_BAD_SIGNATURE with a certificate trusted by OpenSSL
From: massimo.gravino@pd.infn.it
Date: Mon, 17 Oct 2011 17:00:19 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Massimo Gravino
Version: 2.4.23-15
OS: Scientific Linux 6.1
URL: 
Submission from: (NULL) (192.84.143.111)


We have an openldap server that uses LDAP over TLS/SSL and serves hundreds of
clients.

The CA used to sign the server certificate was created in 2005 with OpenSSL
0.9.7a.

The CA self signed certificate and the server certificate have been used until
now without any problem.

In the server configuration (/etc/openldap/slapd.conf) we use TLSCertificateFile
and TLSCertificateKeyFile to specify the path to the pem files of the
certificate and private key of the server, and TLSCACertificateFile for the path
to the pem file of the self signed certificate of the CA.
In the client configuration (/etc/openldap/ldap.conf) we only define TLS_CACERT
to specify the path to the pem file of the CA certificate.

Now we are not able to use the the CA certificate on new Scientific Linux 6.1
clients with openldap 2.4.23-15: the problem appears with the standard
openldap-2.4.23-15.el6 package that is compiled using MozNSS. If we recompile it
using OpenSSL, the problem disappears (to recompile I simply edit the .spec file
and omit -DHAVE_MOZNSS from the CFLAGS definition, change the --with-tls=no
option to --with-tls=openssl and rebuild with rpmbuild -ba).

This is the error obtained from the client with the original package when using
ldapsearch:

ldapsearch -x -d1
....
TLS: loaded CA certificate file /etc/openldap/cacerts/cacert.pem.
TLS: certificate [CN=my.server.name,OU=Sezione di
Padova,O=INFN,L=Padova,ST=Italia,C=IT] is not valid - error -8182:Unknown code
___f 10.
TLS: error: connect - force handshake failure: errno 21 - moznss error -8182
TLS: can't connect: TLS error -8182:Unknown code ___f 10.
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

The problem appears to be related to our particular CA, that uses a DSA key.

I've never been able to reproduce the problem creating new CA with an rsa key;
however if possible I'd not change the the CA that signes my server certificate,
because in this case I should change the CA certificate on a lot of clients.
Nor I would manually recompile every new version of openldap packages.

So I collected all the steps necessary to reproduce this problem on Scientific
linux 6.1 server and client, with openldap 2.4.23-15 and openssl 1.0.0-10,
hoping that the problem will be considered a bug in MozNSS.

Certification Authority creation
--------------------------------
mkdir CA
cd CA/
mkdir certs crl newcerts private
touch index.txt
echo "01" > serial

edit /etc/pki/tls/openssl.cnf and change the dir definition in [ CA_default ] to
point to the CA/ directory

openssl dsaparam -out dsaparam.pem 2048
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -newkey
dsa:dsaparam.pem -days 5000

Server certificate creation and signing
---------------------------------------
openssl req -new -keyout key.pem -out req.pem -newkey rsa:2048 -nodes
openssl ca -policy policy_anything -out cert.pem -in req.pem

Now copy cert.pem and key.pem on the server, and cacert.pem on the server and
the client (may be the same machine) and change appropriately the values of
TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile in the server
configuration, and TLS_CACERT in the client configuration.

Start the server with
/usr/sbin/slapd -h ldaps:/// -u ldap -d 1

Then on the client use:
ldapsearch -x -d1

On the server side you should see something like this:
TLS: loaded CA certificate file /etc/openldap/cacerts/cacert.pem.
TLS: certificate [E=admin@my.domain,CN=server.fqdn,OU=Sezione di
Padova,O=INFN,L=Padova ,ST=Italia,C=IT] is valid
TLS: error: accept - force handshake failure: errno 21 - moznss error -12271
TLS: can't accept: TLS error -12271:Unknown code ___P 17.
connection_read(11): TLS accept failure error=-1 id=1000, closing
connection_close: conn=1000 sd=11

And on the client side:

TLS: loaded CA certificate file /etc/openldap/cacerts/cacert.pem.
TLS: certificate [E=admin@my.domain,CN=server.fqdn,OU=Sezione di
Padova,O=INFN,L=Padova,ST=Italia,C=IT] is not valid - error -8182:Unknown code
___f 10.
TLS: error: connect - force handshake failure: errno 21 - moznss error -8182
TLS: can't connect: TLS error -8182:Unknown code ___f 10.
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Note that server says: certificate is valid but SSL peer cannot verify it
(moznss error -12271: SSL_ERROR_BAD_CERT_ALERT)

On the other side the client says: certificate is not valid because has an
invalid signature (moznss error -8182: SEC_ERROR_BAD_SIGNATURE)

As I said above, the problem disappears recompiling openldap with OpenSSL
instead of MozNSS.

Prev by Date: Re: (ITS#6900) dnattr acl statement: users can produce dangling entries
Next by Date: (ITS#7065) changeType: modify "replace/delete" trick causes segmentation fault in cn=config
Index(es):
- Chronological
- Thread