[erlang-questions] Figuring out proper ssl certificate settings with 17.3
Vincent de Phily
vincent.dephily@REDACTED
Wed Jan 21 18:05:24 CET 2015
Hi,
we're trying to upgrade from 17.1 to 17.4 and are hitting authentication
failures, apparently due to the changes that introduced the partial_chain
option.
First some background:
* We want to authenticate both server and client
* We manage certificate ourselves, and don't care about the OS-supplied CAs.
* The signing hierarchy is
TopCA -> ServerCA -> Account1ServerCert
-> Account2ServerCert
-> ...
-> ClientCA -> Account1ClientCert
-> Account1Device1Cert
-> Account1Device2Cert
-> ...
-> Account2ClientCert
-> ...
* The server and test client are in erlang, the real clients are in various
languages (and we can't afford to update them).
What we used to do, works fine in 17.1:
server: {cert, Account1ServerCert}, {cacerts, [ClientCA]}
client: {cert, Account1Device1Cert}, {cacerts, [ServerCA]}
(in some cases we used the 'file' version of the option, but that doesn't
change the semantics AFAIK).
But that gives us an "unknown ca" error with 17.4.
The minimum list of cacerts that seems to work is [ServerCA,TopCA] for the
server and [clientCA,TopCA] for the client, but:
* Having to specify the TopCA is an administration pain (lots of configs to
change, and need to take the file out of the vault).
* I'd rather not send unnecessary bytes over the wire. Ideally I don't want to
send any root/intermediate CA, only the leaf cert.
* Huh ? Why does ClientCA not need to be in ther server's cacerts (and vice-
versa) ?
I guess some confusion comes from the fact that the cacerts option is used for
two different things (authenticating the cert received by the peer, and
sending intermediate CAs to the peer to help it authenticate me). Maybe the
option could be split in two ?
AFAIU, the new requirement for TopCA to be present comes from a tightening of
the check mandated by the RFC : the certificate chain (which one ? the one
sent by the client or the one set up locally) needs to end with a self-signed
cert.
I'll pass on the weirdness of that requirement (I'll trust whichever CA I
decide, wether it's self-signed or not, damnit), as it looks like
partial_chain is expressely designed to bypass it. But I wasn't able to write
one that worked *and* didn't look like a big security hole. Could somebody
write an example partial_chain fun that works for my usecase ?
Ideally, the docs could do with some clarifications :
* The spec for partial_chain has a typo (at least a missing '}')
Again, and example in the docs wouldn't go amiss.
* It's not clear which chain it acts uppon
* Is the semantic of cacertfile really different for the server and the
client ? From my knowledge of TLS, it should be symetrical (even if the
common real-world case is that the client doesn't authenticate itself), so
the option should be in the common section (next to cacerts with a note that
one is equivalent to the other).
Thanks in advance.
--
Vincent de Phily
More information about the erlang-questions
mailing list