eclipse / mosquitto

Eclipse Mosquitto - An open source MQTT broker
https://mosquitto.org

Security Regression: Mosquitto client connects without verifying broker CA file #2133

Open becz opened 3 years ago

becz commented 3 years ago

Follow-up to #2130

The provided fix does not entirely fix the issue.

I ran further tests with the new library 1.6.14 and observed a further "unexpected connect" which is not present with library 1.4.15.

I did the following in conjunction with the example project provided in #2130

  1. Use a broker with TLS enabled and without client authentication (like test.mosquitto.org:8883)

  2. Create an empty CA file on the client side (e.g. touch InvalidCa.crt)

  3. Start the example project (NameOfBinary PathToCaFile) --- observe the library does not connect --- (OK)

  4. Write the valid certificate for the broker into InvalidCa.crt --- observe the library connected to the broker --- (OK)

  5. Make sure the library disconnects (e.g. switch ethernet off for a while)

  6. Write the certificate of the "other broker" into InvalidCa.crt (the CommonName of the certificate does not match the host we are connecting to)

  7. Make sure the library can connect (e.g. switch ethernet on) --- observe the library connected to the broker --- (UNEXPECTED)

Output of example program:

library version: 1.6.14
mosquitto_tls_set returned: 0 (No error.)
Log: Error: Unable to load CA certificates, check cafile "caInvalid.crt".
mosquitto_connect_async returned: 8 (A TLS error occurred.)
mosquitto_loop_start returned: 0 (No error.)
Log: Error: Unable to load CA certificates, check cafile "caInvalid.crt".
Log: Error: Unable to load CA certificates, check cafile "caInvalid.crt".
Log: Error: Unable to load CA certificates, check cafile "caInvalid.crt".
Log: Error: Unable to load CA certificates, check cafile "caInvalid.crt".
Log: Error: Unable to load CA certificates, check cafile "caInvalid.crt".   

--> Write valid certificate data to caInvalid.crt

Log: Client myLoopTest sending CONNECT
Log: Client myLoopTest received CONNACK (0)
Connected!

--> Disconnect client from broker (e.g. switch ethernet off for a while)

Disconnected! (7)

--> Write certificate of "other broker" into InvalidCa.crt and enable connection to broker

Log: Client myLoopTest sending CONNECT
Log: Client myLoopTest received CONNACK (0)
Connected!

best regards, Benjamin
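The check the reporter expects at each step, written out as an added loopback model (this is not the reporter's example project and not libmosquitto code). It generates a throwaway broker CA and an unrelated "other broker" CA, serves a certificate for localhost from the first, and makes one connect attempt per step, where every attempt rebuilds its trust store from the current bytes of the CA file and verifies both the chain and the host name. The host name "localhost", the CA names, the loopback listener standing in for port 8883, and the use of Go's TLS stack instead of libmosquitto are all assumptions of the example; what it shows is the outcome the report calls OK/UNEXPECTED for steps 3, 4 and 7 (empty file: refused; broker CA: connected; other broker's certificate: refused), which is what a client that reloads the CA file on every (re)connect produces.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// template describes a constructed CA (ca == true) or a server leaf for host cn.
func template(cn string, ca bool) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         ca, BasicConstraintsValid: true,
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// sign creates a key for tmpl and signs it with parentKey; parent == nil means self-signed.
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// pemOf renders a certificate the way it would sit in the client's cafile.
func pemOf(c *x509.Certificate) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw}) }

// startBroker is the assumed stand-in for a broker's TLS port: it completes the handshake and closes, no MQTT is spoken.
func startBroker(cert *x509.Certificate, key *ecdsa.PrivateKey) (string, func()) {
	tc := tls.Certificate{Certificate: [][]byte{cert.Raw}, PrivateKey: key}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{tc}})
	must(err)
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed by stop()
			}
			go func() { _ = c.(*tls.Conn).Handshake(); c.Close() }() // handshake errors when the client rejects us
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }
}

// connectWithCAFile is one connect attempt that rebuilds its trust store from the cafile's current bytes and verifies chain and host name every time.
func connectWithCAFile(addr string, caFile []byte) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caFile) {
		return errors.New("unable to load CA certificates, check cafile")
	}
	cfg := &tls.Config{RootCAs: pool, ServerName: "localhost", MinVersion: tls.VersionTLS12}
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", addr, cfg)
	if err != nil {
		return err
	}
	return conn.Close()
}

type scenarioResults struct{ EmptyCA, BrokerCA, OtherBroker bool } // did steps 3, 4 and 7 connect?

// runScenario plays the reporter's sequence against the loopback broker.
func runScenario() scenarioResults {
	ca, caKey := sign(template("broker-ca.example", true), nil, nil)
	leaf, leafKey := sign(template("localhost", false), ca, caKey)
	other, _ := sign(template("other-broker.example", true), nil, nil) // unrelated issuer, CN mismatch
	addr, stop := startBroker(leaf, leafKey)
	defer stop()
	return scenarioResults{
		EmptyCA:     connectWithCAFile(addr, nil) == nil,          // step 3: touch InvalidCa.crt
		BrokerCA:    connectWithCAFile(addr, pemOf(ca)) == nil,    // step 4: broker's CA written
		OtherBroker: connectWithCAFile(addr, pemOf(other)) == nil, // step 7: file overwritten
	}
}

func main() { fmt.Printf("%+v\n", runScenario()) }
```

The point of building a fresh RootCAs pool inside connectWithCAFile is that the trust decision for step 7 is made from whatever the file holds at that moment; a client that keeps the CA set from its first successful connect would report OtherBroker as connected, which is the behaviour the report labels UNEXPECTED.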

ralight commented 3 years ago

I don't believe this is a security regression. The client still validates the server certificate using the original CA certificate, so the connection is still valid. It will also trust an additional CA certificate when you add the second certificate.

mm-ark commented 3 years ago

The "original CA certificate" was actually overwritten in step 6. So after step 6 the "other broker certificate" is not the second but the only one within InvalidCa.crt. Library 1.4.15 does not connect after step 6, so the expectation is the same for library 1.6.14.