[openssl-dev] Fwd: OpenSSL fails to connect to Google on OS X 10.10.3 (Bug Report)

Tue Apr 21 14:43:58 UTC 2015

Hi Matt,

Thanks for the reply on this, and for backporting the fix to 1.0.2!
Having it available to 1.0.1 would be great too, but appreciate the
OpenSSL team isn't huge.

Is there any timetable on the 1.0.2b release? It seems pulling the
following three commits into the 1.0.2a branch and patching:

47daa155a31b0a54ce09ad2ed4d55fad74096dab
dfd3322d72a2d49f597b86dab6f37a8cf0f26dbf
6281abc79623419eae6a64768c478272d5d3a426

Does the job. Verification against Google domains with an OS X 10.10.3+
Keychain-generated PEM works great. Usually pretty reluctant to
cherry-pick patches on security tools but given the trouble this is
causing, am I safe to do so in this situation?

Thanks,

Dominyk

Sent from OS X. If you wish to communicate more securely my PGP Public
Key is 0x872524db9d74326c.

On 20/04/2015 23:52, Matt Caswell wrote:
> 
> 
> On 18/04/15 14:30, Dominyk Tiller wrote:
>> Apologies. Either I'm an idiot or autocorrect is feeling amusing
>> today. I meant https://gist.github.com/DomT4/f86618bdfe2f27c8d66a
>> rather than https://gist.github.cok/DomT4/f86618bdfe2f27c8d66a.
> 
>> Sent from OS X. If you wish to communicate more securely my PGP
>> Public Key is 0x872524db9d74326c.
> 
> 
>> -------- Forwarded Message -------- Subject: OpenSSL fails to
>> connect to Google on OS X 10.10.3 (Bug Report) Date: Sat, 18 Apr
>> 2015 14:16:14 +0100 From: Dominyk Tiller <dominyktiller at gmail.com> 
>> To: openssl-dev at openssl.org
> 
>> Apologies that this is kinda badly written. Detailed bug reports
>> aren't my forte. Feel free to ping back questions if detail isn't
>> clear/useful/etc.
> 
>> OS X 10.10.3’s release changed some certs in the Keychain. There’s
>> a full list of changes here: 
>> https://gist.github.cok/DomT4/f86618bdfe2f27c8d66a
> 
>> This has caused some chaos with OpenSSL and LibreSSL, in things
>> built against them, using a .pem generated from OS X’s Keychains.
>> The biggest, most popular affected sites are the whole range of
>> Google domains.
> 
>> Google cross-sign their GeoTrust root with an old Equifax root
>> (Equifax Secure Certificate Authority) because a lot of the older
>> clients don’t have the GeoTrust root on their system and would just
>> error out. Have emailed with Adam Langley on the cert errors and
>> essentially Google aren’t going to be able to stop that
>> cross-signing any time soon.
> 
>> According to Adam most SSL clients should go through the cert chain
>> of the domain and hit the GeoTrust cert and verify at that point,
>> if the GeoTrust root exists in a .pem file OpenSSL can find and
>> use, which does exist when generating a PEM from the system
>> Keychains. It’s not supposed to carry on to the Equifax root, but
>> it is, and this is causing breakage on OS X 10.10.3 onwards.
> 
> Hi Dominyk
> 
> This is a known issue. It has been fixed in git master for a while.
> Technically speaking this is not a bug at all. OpenSSL's verification
> algorithm is working exactly as designed. For that reason a decision
> was taken not to backport this to existing releases (which only
> receives bug fixes). However, due to the real problems that this is
> causing for users, we have changed our mind on this and we have now
> backported this to 1.0.2. It's in git now and will become available as
> part of 1.0.2b. Discussions are ongoing with regards to 1.0.1.
> 
> Regards
> 
> Matt
> 
> 
> 
> 
>> This problem only exists in OpenSSL and LibreSSL as far as testing
>> goes. It isn’t reproducible with Apple’s Security Framework, or
>> GnuTLS.
> 
>> Interestingly, Apple have done something to their shipped OpenSSL
>> 0.9.8x to fix the problem - If I build OpenSSL 0.9.8x from source
>> and use it, failure, but if I use the one Apple installs the
>> connection verifies and succeeds. Here’s hoping they’ve punted
>> whatever those changes were upstream to you.
> 
>> This is the error you get:
> 
>> ================================================== —2015-04-10
>> 16:58:58—  https://google.com/ Resolving google.com… 216.58.210.46,
>> 2a00:1450:4009:800::200e Connecting to
>> google.com|216.58.210.46|:443… connected. ERROR: cannot verify
>> google.com’s certificate, issued by ‘CN=Google Internet Authority
>> G2,O=Google Inc,C=US’: Unable to locally verify the issuer’s
>> authority. To connect to google.com insecurely, use
>> `—no-check-certificate’. 
>> ==================================================
> 
>> How to reproduce:
> 
>> * Install OpenSSL on OS X 10.10.3 or above. I have it installed to 
>> /usr/local/opt/openssl - With the sysconfdir in /usr/local/etc.
> 
>> * Generate a PEM file from OS X’s Security Keychain: * security
>> find-certificate -a -p /Library/Keychains/System.keychain >> 
>> sys.pem * security find-certificate -a -p 
>> /System/Library/Keychains/SystemRootCertificates.keychain >>
>> sysroot.pem * cat sys.pem >> sysroot.pem * mv sysroot.pem
>> /usr/local/etc/openssl
> 
>> * Download and install cURL: * Pass
>> “—with-ssl=/path/to/openssl/dir” and 
>> “--with-ca-bundle=/path/to/sysconfdir/openssl/sysroot.pem” to
>> configure.
> 
>> * Run “/path/to/your/installed/curl -I https://google.com”
> 
>> It reproduces with wget, mutt, various other tools. If you put the 
>> Equifax certificate back, and then rehash, you can make the
>> connection. But the Equifax cert is old, and weak, and Apple aren’t
>> likely to return it to the Keychain. So this problem connecting to
>> Google will persist until the reason for not stopping at and
>> verifying on the GeoTrust root are narrowed down and hopefully
>> fixed.
> 
>> Mozilla are also pressing ahead with removing that Equifax root
>> from their certs, so it’s not a simple case of working around it by
>> switching PEM.
> 
> 
> 
>> _______________________________________________ openssl-dev mailing
>> list To unsubscribe:
>> https://mta.openssl.org/mailman/listinfo/openssl-dev
> 
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150421/dfa48984/attachment.sig>