MbedTLS Certificate Verification fails

[coisme]

description

Since this change, issued date and expiration date of certificates are checked by default. Programs that doesn't synchronize RTC will fail in certificate verification, including mbed-os-example-tls/tls-client example. Is this change intentional?

• What target does this relate to? Targets that have RTC are affected. In my case, FRDM-K64F.

• What toolchain (name + version) are you using? GCC_ARM, gcc-arm-none-eabi-6-2017-q2-update

• What tools (name + version - is it mbed-cli, online compiler or IDE) are you using? mbed-cli

• What is the SHA of Mbed OS (git log -n1 --oneline)? 63f62165d (HEAD -> master, origin/master, origin/HEAD) Merge pull request #7565 from OpenNuvoton/nuc472_emac_rst

Steps to Reproduce

Use an official example program for example.

With mbed-cli, follow this steps: $ mbed import https://github.com/ARMmbed/mbed-os-example-tls.git $ cd mbed-os-example-tls/tls-client/ $ mbed compile -t GCC_ARM -m K64F Run the application, TLS connection established successfully.

Starting mbed-os-example-tls/tls-client
Using Mbed OS 5.9.4
Successfully connected to os.mbed.com at port 443
Starting the TLS handshake...
Successfully completed the TLS handshake
Server certificate:
  cert. version     : 3
  serial number     : 03:56:D4:79:41:63:31:CA:E0:56:06:61
  issuer name       : C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
  subject name      : C=GB, ST=Cambridgeshire, L=Cambridge, O=Arm Ltd, CN=*.mbed.com
  issued  on        : 2018-05-04 15:36:03
  expires on        : 2019-06-06 10:31:02
  signed using      : RSA with SHA-256
  RSA key size      : 2048 bits
  basic constraints : CA=false
  subject alt name  : *.mbed.com, mbed.org, *.mbed.org, mbed.com
  key usage         : Digital Signature, Key Encipherment
  ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication

Certificate verification passed
Established TLS connection to os.mbed.com
HTTP: Received 321 chars from server
HTTP: Received '200 OK' status ... OK
HTTP: Received message:
HTTP/1.1 200 OK
Server: nginx/1.11.10
Date: Wed, 01 Aug 2018 03:24:18 GMT
Content-Type: text/plain
Content-Length: 14
Last-Modified: Fri, 27 Jul 2012 13:30:34 GMT
Connection: keep-alive
ETag: "501297fa-e"
Expires: Wed, 01 Aug 2018 13:24:18 GMT
Cache-Control: max-age=36000
Accept-Ranges: bytes

Hello world!

DONE

Next, let's reproduce the error. Update mbed-os and recompile. $ cd mbed-os $ mbed udpate master $ cd .. $ mbed compile -t GCC_ARM -m K64F

When run the application, it fails.

Starting mbed-os-example-tls/tls-client
Using Mbed OS 99.99.99
Successfully connected to os.mbed.com at port 443
Starting the TLS handshake...
mbedtls_ssl_handshake() returned -0x2700

FAIL

Cause

The cause of this issue comes from this change. https://github.com/ARMmbed/mbed-os/blob/5ced8e4fdfa8fd781c0a39b29597762cedcedec6/features/mbedtls/platform/inc/platform_mbed.h#L24-L26 If MBEDTLS_HAVE_TIME_DATE is defined, issued date and expiration date are checked by these functions: https://github.com/ARMmbed/mbed-os/blob/63f62165d89f5562c529cd3ecb94823ce1dc7f13/features/mbedtls/src/x509.c#L999-L1017

However, the clock on the board has to be synchronized to work these functions correctly.

Before this change, MBEDTLS_HAVE_TIME_DATE was not defined, and these functions always returned 0. Issued date and expiration date were not checked. https://github.com/ARMmbed/mbed-os/blob/63f62165d89f5562c529cd3ecb94823ce1dc7f13/features/mbedtls/src/x509.c#L1021-L1031

Is this change to force sync RTC intentional?

Solution

Add time synchronization in the program. For example, I added NTPClient to mbed-os-example-tls/tls-client then the error resolved. https://github.com/coisme/Hello-TLSSocket/blob/3347d1dacc1eb468608942b5e4fdf76047853165/main.cpp#L25-L28

Issue request type

[X] Question
[ ] Enhancement
[] Bug

[ciarmcom]

ARM Internal Ref: MBOTRIAGE-1479

[simonbutcher]

This is a bug, and we need to fix it before the next release.

[coisme]

Ok, thank you for your confirmation!

[andresag01]

Hi @coisme,

Thank you for reporting this issue. I will try to answer each of your questions as best I can.

Since this change, issued date and expiration date of certificates are checked by default. ... Is this change intentional?

The change was introduced to take advantage of the RTC present in the targets that have it. This is why MBEDTLS_HAVE_DATE_TIME is only defined when DEVICE_RTC is defined in the patch you linked.

Programs that doesn't synchronize RTC will fail in certificate verification, including mbed-os-example-tls/tls-client example.

This is correct. In fact, this was reported in the original PR (https://github.com/ARMmbed/mbed-os/pull/4846) that introduces the change under "Migrations":

This patch modifies the behaviour of the X509 module in mbed TLS because now the certificate verification process will check that the certificates date/time validity is correct when it previously did not. For this to work correctly, the application needs to correctly set up the RTC with a call to set_time(). For example, this change causes the mbed TLS example application tls-client to fail.

However, I would like to point out that the failures can be avoided without the need to configure the clock. I submitted a PR (https://github.com/ARMmbed/mbed-os-example-tls/pull/109) to mbed-os-example-tls that illustrates how to do this. The idea was to have that merged shortly after the RTC patch was merged. There is also a GitHub issue reporting the problem (https://github.com/ARMmbed/mbed-os-example-tls/issues/192).

I hope this information helps, but please let me know if there are further questions.

(cc @sbutcher-arm)

[coisme]

Thank you for clarification. I understand very well!