resumption problem

Viktor Dukhovni openssl-users at dukhovni.org
Mon Mar 30 09:12:58 UTC 2020 

On Mon, Mar 30, 2020 at 09:37:51AM +0100, Jeremy Harris wrote:

> On 30/03/2020 08:41, Dan Fulger wrote:
> > Indeed, CentOS 8.0 has OpenSSL 1.1.1 with very few updates.
> > But CentOS 8.1 was released in January, with OpenSSL 1.1.1c.
> 
> Fortunately, with Viktor's help, the application fix is a
> one-liner and is compatible across versions.

I am glad you have a work-around, but remain puzzled.  On a FreeBSD 12.1
system with OpenSSL 1.1.1d, I just built a version of "posttls-finger"
patched (hastily, with inadequate error checks) to also load a client CA
list into the client->server SSL context:

--- a/src/tls/tls_client.c
+++ b/src/tls/tls_client.c
@@ -432,6 +432,18 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
 	SSL_CTX_free(client_ctx);		/* 200411 */
 	return (0);
     }
+    if (props->CAfile) {
+        STACK_OF(X509_NAME) *calist = SSL_load_client_CA_file(props->CAfile);
+
+        SSL_CTX_set_client_CA_list(client_ctx, calist);
+        msg_info("loaded %d CA names", sk_X509_NAME_num(calist));
+    }
 
     /*
      * We do not need a client certificate, so the certificates are only

When I run this, and resume a TLS 1.3 session, it logs that 150 CA names
have been loaded, but none are sent in the resumption client hello,
which remains modestly sized:

    posttls-finger: loaded 150 CA names
    posttls-finger: SSL_connect:before SSL initialization
    posttls-finger: write to 80127A100 [80136B000] (517 bytes => 517 (0x205))
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS read server hello
    posttls-finger: SSL_connect:TLSv1.3 read encrypted extensions
    posttls-finger: SSL_connect:SSLv3/TLS read server certificate
    posttls-finger: SSL_connect:TLSv1.3 read server certificate verify
    posttls-finger: SSL_connect:SSLv3/TLS read finished
    posttls-finger: SSL_connect:SSLv3/TLS write change cipher spec
    posttls-finger: write to 80127A100 [80136B000] (80 bytes => 80 (0x50))
    posttls-finger: SSL_connect:SSLv3/TLS write finished
    posttls-finger: SSL_connect:SSL negotiation finished successfully
    posttls-finger: SSL_connect:SSL negotiation finished successfully
    posttls-finger: save session ... to memory cache
    posttls-finger: SSL_connect:SSLv3/TLS read server session ticket

    posttls-finger: reloaded session ... from memory cache
    posttls-finger: SSL_connect:before SSL initialization
    posttls-finger: write to 80127A100 [80136B000] (638 bytes => 638 (0x27E))
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS read server hello
    posttls-finger: SSL_connect:TLSv1.3 read encrypted extensions
    posttls-finger: SSL_connect:SSLv3/TLS read finished
    posttls-finger: SSL_connect:SSLv3/TLS write change cipher spec
    posttls-finger: write to 80127A100 [80136B000] (80 bytes => 80 (0x50))
    posttls-finger: SSL_connect:SSLv3/TLS write finished
    posttls-finger: Untrusted TLS connection established to ... TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)

As expected, CA names loaded via SSL_CTX_set_client_CA_list() are not
sent in the client->server direction, either initially, or on
resumption.

-- 
    Viktor.

More information about the openssl-users mailing list