Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Validation of a server self-signed certificate #8509

Open irwir opened 8 months ago

irwir commented 8 months ago

In a local ("closed circuit") or test environment it might be desired to use a self-signed certificate. For example, using a local email server to test the ssl_mail_client application with TLS 1.3. The connection fails because the application is an SSL client, and validation of the server certificate is required:

https://github.com/Mbed-TLS/mbedtls/blob/4dec9ebdc2d0e49a87cfd5f0d7bc2dc9d21beae9/library/ssl_tls13_generic.c#L629

The authmode may be modified only for a server application (conditional block at line 638). This temporary fix was made:

int authmode = MBEDTLS_SSL_VERIFY_OPTIONAL;

Is there an overlooked possibility to connect without library code changes?

irwir commented 7 months ago

A simplified question: Should the library allow change of validation mode for SSL clients?

davidhorstmann-arm commented 7 months ago

What are you trying to do specifically?

It should be possible to configure the self-signed certificates as trusted using mbedtls_ssl_conf_ca_chain() without any changes to the library.

See an example here.

irwir commented 7 months ago

https://github.com/Mbed-TLS/mbedtls/blob/3d12d6594649e5ce15642cdfaff78282c7d083d9/programs/ssl/ssl_mail_client.c#L176

In this example code, verification could be performed after handshaking. In the current version of the library it becomes impossible.

If TLS 1.3 forbids delayed verification, the code of the test mail client should be fixed. Otherwise the library code might need changes.

ronald-cron-arm commented 7 months ago

We have some related issues I think: #7075 and #7079.

irwir commented 7 months ago

Thanks, now it could be seen why an ordinary compilation required quite a bit of extra effort. Code examples should work "right out of the box", therefore certain changes would be expected.

mobsense commented 2 months ago

Here is a rough patch that allows the client to use VERIFY_NONE and VERIFY_OPTIONAL.

Testing on 3.6.0.

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d448a054a..23c708d0b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -645,6 +645,11 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
         authmode = ssl->conf->authmode;
     }
 #endif
+#if defined(MBEDTLS_SSL_CLI_C)
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+        authmode = ssl->conf->authmode;
+    }
+#endif

     /*
      * If the peer hasn't sent a certificate ( i.e. it sent
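
Review bot: The added MBEDTLS_SSL_CLI_C branch takes authmode straight from ssl->conf->authmode with no comment, so a client configured with MBEDTLS_SSL_VERIFY_NONE or MBEDTLS_SSL_VERIFY_OPTIONAL will now complete a TLS 1.3 handshake against a server whose certificate did not verify. Please add a comment stating that in these modes the application has to check the outcome itself (for example with mbedtls_ssl_get_verify_result()) before sending anything sensitive. The branch also repeats the assignment "authmode = ssl->conf->authmode;" visible in the block just above it; if that block carries no extra condition, one unguarded assignment would be simpler than two guarded copies.
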
@@ -739,9 +744,8 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
      * functions, are treated as fatal and lead to a failure of
      * mbedtls_ssl_tls13_parse_certificate even if verification was optional.
      */
-    if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
-        (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
-         ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) {
+    if ((authmode == MBEDTLS_SSL_VERIFY_NONE || authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) &&
+        (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) {
         ret = 0;
     }