OpenSSL: better handling of $tls_{in,out}_certificate_verified under resumption

author: Jeremy Harris <jgh146exb@wizmail.org> 2019-05-05 19:23:37 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2019-05-05 21:31:43 +0100
commit: 4a1bd6b935ca5c5b70408a60036312d4825fd24e (patch)
tree: 266f9a1e9e40ee559b190d77a801613ad704e75c
parent: 11c4a22b0a2098d2ad7b9d210bc4a1bfc9742ff8 (diff)
4 files changed, 43 insertions, 24 deletions
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 211841f3f..aa7046e58 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -993,15 +993,16 @@ Observability:
  New log_selector "tls_resumption", appends an asterisk to the tls_cipher "X="
  element.
 
- Variables $tls_{in,out}_resumption have bit 0-4 indicating respectively
+ Variables $tls_{in,out}_resumption have bits 0-4 indicating respectively
  support built, client requested ticket, client offered session,
  server issued ticket, resume used.  A suitable decode list is provided
  in the builtin macro _RESUME_DECODE for ${listextract {}{}}.
 
 Issues:
  In a resumed session:
-  $tls_{in,out}_certificate_verified will be unset (undler OpenSSL)
-  verify = certificate will be false (undler OpenSSL)
+  $tls_{in,out}_certificate_verified will be set, and verify = certificate
+    will be true, when verify failed but tls_try_verify_hosts allowed the
+    connection (under OpenSSL)
   $tls_{in,out}_cipher will have values different to the original (under GnuTLS)
   $tls_{in,out}_ocsp will be "not requested" or "no response"
 
diff --git a/src/src/globals.h b/src/src/globals.h
index 1aacaf7e6..e98ff7fe1 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -108,6 +108,7 @@ typedef struct {
   BOOL	  host_resumable:1;
   BOOL	  ticket_received:1;
 #endif
+  BOOL	  verify_override:1;	/* certificate_verified only due to tls_try_verify_hosts */
 } tls_support;
 extern tls_support tls_in;
 extern tls_support tls_out;
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 4b3847712..ee52b7caa 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -526,6 +526,7 @@ if (ev)
       }
     DEBUG(D_tls) debug_printf("Event-action verify failure overridden "
       "(host in tls_try_verify_hosts)\n");
+    tlsp->verify_override = TRUE;
     }
   X509_free(tlsp->peercert);
   tlsp->peercert = old_cert;
@@ -603,6 +604,7 @@ if (preverify_ok == 0)
     }
   DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
     "tls_try_verify_hosts)\n");
+  tlsp->verify_override = TRUE;
   }
 
 else if (depth != 0)
@@ -679,8 +681,9 @@ else
 	  tlsp->peercert = X509_dup(cert);	/* record failing cert */
 	return 0;				/* reject */
 	}
-      DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
+      DEBUG(D_tls) debug_printf("SSL verify name failure overridden (host in "
 	"tls_try_verify_hosts)\n");
+      tlsp->verify_override = TRUE;
       }
     }
 
@@ -691,7 +694,6 @@ else
 
   DEBUG(D_tls) debug_printf("SSL%s verify ok: depth=0 SN=%s\n",
     *calledp ? "" : " authenticated", dn);
-  if (!*calledp) tlsp->certificate_verified = TRUE;
   *calledp = TRUE;
   }
 
@@ -748,7 +750,7 @@ DEBUG(D_tls) debug_printf("verify_callback_client_dane: %s depth %d %s\n",
 
 if (preverify_ok == 1)
   {
-  tls_out.dane_verified = tls_out.certificate_verified = TRUE;
+  tls_out.dane_verified = TRUE;
 #ifndef DISABLE_OCSP
   if (client_static_cbinfo->u_ocsp.client.verify_store)
     {	/* client, wanting stapling  */
@@ -2153,8 +2155,23 @@ if (tlsp->peercert)
     { DEBUG(D_tls) debug_printf("X509_NAME_oneline() error\n"); }
   else
     {
-    peerdn[siz-1] = '\0';
-    tlsp->peerdn = peerdn;		/*XXX a static buffer... */
+    int oldpool = store_pool;
+
+    peerdn[siz-1] = '\0';		/* paranoia */
+    store_pool = POOL_PERM;
+    tlsp->peerdn = string_copy(peerdn);
+    store_pool = oldpool;
+
+    /* We used to set CV in the cert-verify callbacks (either plain or dane)
+    but they don't get called on session-resumption.  So use the official
+    interface, which uses the resumed value.  Unfortunately this claims verified
+    when it actually failed but we're in try-verify mode, due to us wanting the
+    knowlege that it failed so needing to have the callback and forcing a
+    permissive return.  If we don't force it, the TLS startup is failed.
+    Hence the verify_override bodge - though still a problem for resumption. */
+
+    if (!tlsp->verify_override)
+      tlsp->certificate_verified = SSL_get_verify_result(ssl) == X509_V_OK;
     }
 }
 
diff --git a/test/log/5891 b/test/log/5891
index 1070bee0c..6edba3c0a 100644
--- a/test/log/5891
+++ b/test/log/5891
@@ -13,7 +13,7 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmaZ-0005vi-00 our cert subject	
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject	CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified	0
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified	1
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn	/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp	1
 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher	TLS1.x:ke-RSA-AES256-SHAnnn:xxx
@@ -26,31 +26,31 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp	1
 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher	TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits	256
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
 1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00"
 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
 1999-03-02 09:44:33 10HmbC-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbC-0005vi-00 our cert subject	
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert subject	CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified	0
+1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified	1
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer dn	/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp	1
 1999-03-02 09:44:33 10HmbC-0005vi-00 cipher	TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-0005vi-00 bits	256
-1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbD-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbD-0005vi-00"
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbE-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbE-0005vi-00 our cert subject	
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert subject	CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified	0
+1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified	1
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer dn	/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp	1
 1999-03-02 09:44:33 10HmbE-0005vi-00 cipher	TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-0005vi-00 bits	256
-1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbF-0005vi-00"
+1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbF-0005vi-00"
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
 1999-03-02 09:44:33 10HmbG-0005vi-00 tls_out_resumption client offered session, server only provided new ticket
@@ -89,7 +89,7 @@
 1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject	
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject	CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified	0
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified	1
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn	/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp	1
 1999-03-02 09:44:33 10HmbM-0005vi-00 cipher	TLS1.x:ke-RSA-AES256-SHAnnn:xxx
@@ -102,42 +102,42 @@
 1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp	1
 1999-03-02 09:44:33 10HmbM-0005vi-00 cipher	TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbM-0005vi-00 bits	256
-1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
-1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
 1999-03-02 09:44:33 10HmbM-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbO-0005vi-00"
 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
 1999-03-02 09:44:33 10HmbP-0005vi-00 tls_out_resumption session resumed, also new ticket
 1999-03-02 09:44:33 10HmbP-0005vi-00 our cert subject	
 1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert subject	CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert verified	0
+1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert verified	1
 1999-03-02 09:44:33 10HmbP-0005vi-00 peer dn	/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 10HmbP-0005vi-00 ocsp	1
 1999-03-02 09:44:33 10HmbP-0005vi-00 cipher	TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbP-0005vi-00 bits	256
-1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbQ-0005vi-00"
+1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbQ-0005vi-00"
 1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbR-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbR-0005vi-00 our cert subject	
 1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert subject	CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert verified	0
+1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert verified	1
 1999-03-02 09:44:33 10HmbR-0005vi-00 peer dn	/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 10HmbR-0005vi-00 ocsp	1
 1999-03-02 09:44:33 10HmbR-0005vi-00 cipher	TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbR-0005vi-00 bits	256
-1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbS-0005vi-00"
+1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbS-0005vi-00"
 1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
 1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption session resumed, also new ticket
 1999-03-02 09:44:33 10HmbT-0005vi-00 our cert subject	
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject	CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified	0
+1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified	1
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn	/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp	1
 1999-03-02 09:44:33 10HmbT-0005vi-00 cipher	TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbT-0005vi-00 bits	256
-1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbU-0005vi-00"
+1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbU-0005vi-00"
 1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
 1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption not requested or offered
author	Jeremy Harris <jgh146exb@wizmail.org>	2019-05-05 19:23:37 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2019-05-05 21:31:43 +0100
commit	4a1bd6b935ca5c5b70408a60036312d4825fd24e (patch)
tree	266f9a1e9e40ee559b190d77a801613ad704e75c
parent	11c4a22b0a2098d2ad7b9d210bc4a1bfc9742ff8 (diff)