
A better support of partial chain mechanism #9768

Open
JaylinYu opened this issue Nov 12, 2024 · 0 comments
Labels
component-x509 enhancement help-wanted This issue is not being actively worked on, but PRs welcome. size-s Estimated task size: small (~2d)

JaylinYu commented Nov 12, 2024

Hi dear developers of mbedtls & ARM.
I am from NanoMQ (https://github.com/nanomq/nanomq/); our TLS/SSL layer is based on mbedtls. Hereby I just want to share a thought with you guys, to verify if my assumption is correct.

I encountered a tricky issue while delivering an SDV solution to an OEM. They have a long CACERT, 5 ROOT CAs in one file. During the handshake, the server sends "server hello done" & "certificate request" together to the client, and mbedtls replies with only one ROOT CA from the long CA file, which results in the server resetting the handshake with encryption alert 21. From the SDK perspective, it is a 0x7880 error, similar to #5103.
BTW, the server side is an nginx LB, which is widely used in the open source world.

Suggested enhancement

Then I started packet sniffing and digging into mbedtls's code base, and I found something weird.
There is a long comment in `static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)` that says:

```c
/*
 * struct {
 *     ClientCertificateType certificate_types<1..2^8-1>;
 *     SignatureAndHashAlgorithm
 *       supported_signature_algorithms<2^16-1>; -- TLS 1.2 only
 *     DistinguishedName certificate_authorities<0..2^16-1>;
 * } CertificateRequest;
 *
 * Since we only support a single certificate on clients, let's just
 * ignore all the information that's supposed to help us pick a
 * certificate.
 *
 * We could check that our certificate matches the request, and bail out
 * if it doesn't, but it's simpler to just send the certificate anyway,
 * and give the server the opportunity to decide if it should terminate
 * the connection when it doesn't like our certificate.
 *
 * Same goes for the hash in TLS 1.2's signature_algorithms: at this
 * point we only have one hash available (see comments in
 * write_certificate_verify), so let's just use what we have.
 *
 * However, we still minimally parse the message to check it is at least
 * superficially sane.
 */
```

Then mbedtls only sends `own_cert` in `mbedtls_ssl_write_certificate`; after manually altering this part of mbedtls to send the whole CA chain, the error is gone.

First of all, I am not an expert in encryption and TLS/SSL, but it seems like mbedtls's behaviour is different from other popular TLS SDKs (Python & JS always send the whole CA chain). I searched for the details of the mTLS process, and it turns out the partial chain is just an alternative option; some said it is legitimate for mbedtls to do so, some said it is a flaw of mbedtls.
But I am only wondering why mbedtls made such a decision; this issue is really giving me cancer these days. At least I hope the lib could expose some API to let the app decide whether to send the whole CA chain or not.

Justification

Mbed TLS needs to give users more choice while dealing with a long CA chain certificate.

pcap file attached. mbedtls: [image]

Javascript: [image]
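As an added example (not mbedtls or NanoMQ code), the following Python decodes a TLS 1.2 CertificateRequest body in the layout quoted above and checks whether a client chain contains any certificate issued by one of the CAs the server listed, which is the check the mbedtls comment says it skips. The DNs, chain and signature algorithm values are constructed for the example.

```python
import struct

def der_name_cn(cn: str) -> bytes:
    """Minimal DER Name holding one commonName attribute (constructed helper;
    short names only, so single-byte DER lengths suffice)."""
    oid_cn = b"\x06\x03\x55\x04\x03"                         # OID 2.5.4.3
    value = b"\x0c" + bytes([len(cn)]) + cn.encode()         # UTF8String
    atv = b"\x30" + bytes([len(oid_cn) + len(value)]) + oid_cn + value
    rdn = b"\x31" + bytes([len(atv)]) + atv                  # SET OF AttributeTypeAndValue
    return b"\x30" + bytes([len(rdn)]) + rdn                 # SEQUENCE OF RDN

def build_certificate_request(cert_types, sig_algs, ca_names) -> bytes:
    """Encode a CertificateRequest body the way a TLS 1.2 server does (RFC 5246 7.4.4)."""
    sigs = b"".join(bytes(a) for a in sig_algs)
    cas = b"".join(struct.pack("!H", len(n)) + n for n in ca_names)
    return (bytes([len(cert_types)]) + bytes(cert_types)
            + struct.pack("!H", len(sigs)) + sigs
            + struct.pack("!H", len(cas)) + cas)

def parse_certificate_request(body: bytes) -> dict:
    """Decode certificate_types, supported_signature_algorithms and the
    certificate_authorities DN list; reject truncated or trailing bytes."""
    pos = 0
    n = body[pos]; pos += 1
    cert_types = list(body[pos:pos + n]); pos += n
    (sig_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    sig_algs = [tuple(body[i:i + 2]) for i in range(pos, pos + sig_len, 2)]; pos += sig_len
    (ca_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    end, cas = pos + ca_len, []
    while pos < end:
        (dn_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
        cas.append(body[pos:pos + dn_len]); pos += dn_len
    if pos != end or end != len(body):
        raise ValueError("malformed CertificateRequest")
    return {"certificate_types": cert_types, "signature_algorithms": sig_algs,
            "certificate_authorities": cas}

def first_cert_issued_by_requested_ca(chain_issuer_dns, request):
    """Index of the first chain cert whose issuer DN the server asked for, else None."""
    for i, issuer in enumerate(chain_issuer_dns):
        if issuer in request["certificate_authorities"]:
            return i
    return None

# Constructed scenario mirroring the report: five roots requested, leaf chains to ROOT CA 3.
ROOTS = [der_name_cn(f"OEM ROOT CA {i}") for i in range(1, 6)]
REQUEST = parse_certificate_request(build_certificate_request([1, 64], [(4, 1), (8, 4)], ROOTS))
LEAF_ONLY = [der_name_cn("OEM Intermediate CA")]              # issuer DN of the leaf only
WHOLE_CHAIN = LEAF_ONLY + [der_name_cn("OEM ROOT CA 3")]      # leaf + intermediate issuers
```

Sending only the leaf (LEAF_ONLY) matches none of the requested CAs, while the whole chain (WHOLE_CHAIN) matches at the intermediate, which is the difference the pcaps above show.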

@minosgalanakis minosgalanakis added enhancement help-wanted This issue is not being actively worked on, but PRs welcome. component-x509 size-s Estimated task size: small (~2d) labels Nov 13, 2024