[erlang-questions] Erlang SSL and Invalid Certificate Chains

Ingela Andin ingela.andin@REDACTED
Mon Aug 11 16:59:36 CEST 2014


2014-08-11 16:16 GMT+02:00 Ben Murphy <benmmurphy@REDACTED>:

> (I originally sent this to erlang-bugs but it doesn't look like it
> made it there)
> We have a problem where an SSL server sends back a certificate chain
> that is invalid according to the TLS 1.2 specification and erlang
> rejects this chain with an unknown ca error. However, openssl and
> browsers will accept this chain because they are less strict about
> validation.
> The chain looks something like:
> 0. Server Cert issued by Intermediate Cert
> 1. Intermediate Cert issued by Root Cert
> 2. Root Cert issued by Root Cert
> 3. Unrelated certificate
> 4. Unrelated certificate

What server is sending such a chain? Could you give me a concrete
example,maybe of list if you do not want to expose
it to the world.

> Which is invalid according to: http://www.ietf.org/rfc/rfc5246.txt
>    certificate_list
>       This is a sequence (chain) of certificates.  The sender's
>       certificate MUST come first in the list.  Each following
>       certificate MUST directly certify the one preceding it.  Because
>       certificate validation requires that root keys be distributed
>       independently, the self-signed certificate that specifies the root
>       certificate authority MAY be omitted from the chain, under the
>       assumption that the remote end must already possess it in order to
>       validate it in any case
> Looking at the openssl code they start at the beginning of the chain
> then recursively find the issuer in order to build up a chain. While
> the erlang ssl code assumes the last certificate in the chain is the
> root CA (ssl_certificate:trusted_cert_and_path).
It assumes that the last certificate is the ROOT or the certificate  just
the ROOT (as the ROOT cert may be left out as you said above) and if
the ROOT is left out it will try to find the ROOT in its database. If the
ROOT is part
of the chain it will still be looked up to make sure we already have it.

Maybe this is more of a feature request than a bug. But I was
> wondering if it would be possible for erlang to either accept these
> dodgy chains, provide an option when connecting to accept these dodgy
> chains or allow users to supply a function to modify the certificate
> chain before validation takes place.

You can use the verify_fun to accept any path validation errors you want,
at your own risk as you are lowering the security requirements by doing so.


Regards Ingela Erlang/OTP team - Ericsson AB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140811/e3f817e7/attachment.htm>

More information about the erlang-questions mailing list