wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0
2.36k stars 835 forks source link

OCSP stapling with HAProxy as a server #7588

Open vkssv opened 6 months ago

vkssv commented 6 months ago

Version

v5.7.0-stable

Description

Hello guys !

We have some user requests to make work OCSP stapling extension with haproxy process as a server, i.e. haproxy loads, parses by itself OCSP response for the given server certificate and provides the status to clients.

haproxy is linked with libwolfssl.so.42, compiled from v5.7.0-stable.

We have some problems to make OCSP extension work, in spite of the support, which was added in our source code via this patch 3cbf09ed6411 "MEDIUM: ssl: add minimal WolfSSL support with OpenSSL compatibility mode" in haproxy ".

We have the following workflow for processing OCSP response files in DER format:

  1. haproxy starts and loads from the filesystem some server certificate and its corresponding OCSP response;
  2. it calculates CertID and it sets OCSP stapling callback here;
  3. it finally parses and checks OCSP response file by itself here.

Problems have started already, when we try to check CertID length via wolfSSL_i2d_OCSP_CERTID helper here. From the wolfSSL_i2d_OCSP_CERTID code we can see, that it uses rawCertId and rawCertIdSize fields from OcspEntry structure, which are not filled by wolfSSL_OCSP_cert_to_id. Could you, please, provide some explanations on this ?

When we did some workaround and started to simply check in our code the total length of OcspEntry->issuerHash + OcspEntry->issuerKeyHash + OcspEntry->status->serial < OCSP_MAX_CERTID_ASN1_LENGTH (128 bytes),

we could advance further and could finally call wolfSSL_CTX_set_tlsext_status_cb, which triggers the path: wolfSSL_CTX_EnableOCSPStapling --> wolfSSL_CertManagerEnableOCSPStapling --> cm->ocspStaplingEnabled = 1 and sets our ssl_sock_ocsp_stapling_cbk callback function.

Then we could also successfully parse DER OCSP response, wolfSSL_d2i_OCSP_RESPONSE works as expected. So, finally we've successfully loaded and checked OCSP response data, but still no OCSP extension provided in SERVER HELLO, when a client sends CLIENT HELLO with Certificate Status Request (TLSv1.2).

From WolfSSL debug logs we see that SendCertificateStatus returns 0 in the case:

wolfSSL Entering wolfSSL_new
wolfSSL Entering ReinitSSL
RNG_HEALTH_TEST_CHECK_SIZE = 128
sizeof(seedB_data)         = 128
opened /dev/urandom.
rnd read...
wolfSSL Entering SetSSL_CTX
wolfSSL Entering wolfSSL_set_options
    SSL_OP_ALL
    WOLFSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2
    SSL_OP_NO_TLSv1_1
    SSL_OP_NO_TLSv1
    SSL_OP_NO_SSLv3
    WOLFSSL_OP_CIPHER_SERVER_PREFERENCE
SSL_OP_NO_COMPRESSION: compression not compiled in
wolfSSL Entering wolfSSL_NewSession
InitSSL done. return 0 (success)
wolfSSL_new InitSSL success
wolfSSL Leaving wolfSSL_new InitSSL =, return 0
wolfSSL Entering wolfSSL_BIO_new
wolfSSL Stub wolfSSL_BIO_set_init not implemented
...
wolfSSL Entering wolfSSL_accept
wolfSSL Entering ReinitSSL
wolfSSL Entering RetrySendAlert
wolfSSL Entering RetrySendAlert
wolfSSL Entering BioReceive
wolfSSL Entering wolfSSL_BIO_read
wolfSSL Entering wolfSSL_BIO_get_data
wolfSSL Entering wolfSSL_BIO_clear_retry_flags
Client attempting to connect with different version
growing input buffer
wolfSSL Entering BioReceive
wolfSSL Entering wolfSSL_BIO_read
wolfSSL Entering wolfSSL_BIO_get_data
wolfSSL Entering wolfSSL_BIO_clear_retry_flags
received record layer msg
got HANDSHAKE
wolfSSL Entering wolfSSL_get_options
wolfSSL Entering DoTls13HandShakeMsg
wolfSSL Entering EarlySanityCheckMsgReceived
wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
wolfSSL Entering DoTls13HandShakeMsgType
processing client hello
wolfSSL Entering DoTls13ClientHello
wolfSSL Entering DoClientHello
    downgrading to TLSv1.2
Matched No Compression
Adding signature algorithms extension
Point Formats extension received
Supported Groups extension received
Session Ticket extension received
Certificate Status Request extension received
Encrypt-Then-Mac extension received
Extended Master Secret extension received
Signature Algorithms extension received
TLSX SigAlgo list exceeds max, truncating
wolfSSL Entering ALPN_Select
Calling user cert setup callback
wolfSSL Entering wolfSSL_get_client_suites_sigalgs
wolfSSL Entering wolfSSL_version
Unsupported cipher suite, CipherRequires
....
wolfSSL Entering wolfSSL_CTX_get_verify_mode
....
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_FIRST_REPLY_DONE
wolfSSL Entering SendServerHello
growing output buffer
wolfSSL Entering wolfSSL_get_options
Session Ticket extension to write
Point Formats extension to write
Secure Renegotiation extension to write
EMS extension to write
wolfSSL Leaving SendServerHello, return 0
accept state SERVER_HELLO_SENT
wolfSSL Entering SendCertificate
growing output buffer
wolfSSL Leaving SendCertificate, return 0
accept state CERT_SENT
wolfSSL Entering SendCertificateStatus
wolfSSL Leaving SendCertificateStatus, return 0

According to the code from SendCertificateStatus, it seems, that we should enter in case WOLFSSL_CSR2_OCSP:. Unfortunately, CreateOcspResponse does not contain any traces to simply check where it fails.

From CreateOcspResponse code we can see that probably it does not suppose to exit on:

 /* unable to fetch status. skip. */
    if (SSL_CM(ssl) == NULL || SSL_CM(ssl)->ocspStaplingEnabled == 0)
        return 0;

check, as SSL_CM(ssl)->ocspStaplingEnabled was set to one.

We have an intention to make work OCSP and we could probably investigate further, but there are some worries about the fact that wolfSSL_CertManagerEnableOCSPStapling along with ocspStaplingEnabled = 1 also sets the built-in OCSP lookup here (EmbedOcspLookup). In this lookup you build and send OCSP request to the detected OCSP URI. This is quite same logic, that we do on our side in ssl_ocsp_update_responses.

So could you please, confirm, that, if we reset cm->ocspIOCb and cm->ocspRespFreeCb to NULL, as we update OCSP responses by ourselves, we do not have any other drawbacks and we are on the right way to make things work. And could you also provide to us some hints, where potentially SendCertificateStatus or CreateOcspResponse may fail.

Many thanks in advance, Kind regards.

vkssv commented 6 months ago

I've looked on it again, so some updates from our side:

SendCertificateStatus finishes with 0 as status_type here is always stays as zero, in spite that we've compiled with HAVE_CERTIFICATE_STATUS_REQUEST, HAVE_CERTIFICATE_STATUS_REQUEST_V2 ./configure --enable-haproxy --enable-debug --enable-quic --prefix=/opt/wolfssl-5.7.0

So we enter in the default case here, which does nothing :/

We've expected to enter in this case WOLFSSL_CSR2_OCSP:, while calling from haproxy code SSL_do_handshake.

So, it will be helpful for us, if you have some ideas, why finished with status_type == 0, while simply testing:

/usr/bin/openssl s_client -connect localhost:1443 -status -tls1_2

haproxy.cfg:

frontend fe_ssl
...
bind *:1443 ssl crt show_ocsp_server.pem

SSL

Kind regards,

vkssv commented 6 months ago

If I slightly change enum to make WOLFSSL_CSR2_OCSP = 0, in order that we enters to case WOLFSSL_CSR2_OCSP: from SendCertificateStatus, it exists with 0, but it does not work anyway.

I have this output in the log:

...
got HANDSHAKE
wolfSSL Entering wolfSSL_get_options
wolfSSL Entering DoTls13HandShakeMsg
wolfSSL Entering EarlySanityCheckMsgReceived
wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
wolfSSL Entering DoTls13HandShakeMsgType
processing client hello
wolfSSL Entering DoTls13ClientHello
wolfSSL Entering DoClientHello
    downgrading to TLSv1.2
Matched No Compression
Adding signature algorithms extension
Point Formats extension received
Supported Groups extension received
Session Ticket extension received
Certificate Status Request extension received
Encrypt-Then-Mac extension received
Extended Master Secret extension received
Signature Algorithms extension received
TLSX SigAlgo list exceeds max, truncating
wolfSSL Entering ALPN_Select
Calling user cert setup callback
wolfSSL Entering wolfSSL_get_client_suites_sigalgs
wolfSSL Entering wolfSSL_version
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
wolfSSL Entering wolfSSL_CTX_get_verify_mode
wolfSSL Leaving wolfSSL_CTX_get_verify_mode, return 0
wolfSSL Entering wolfSSL_set_verify
wolfSSL Entering wolfSSL_CTX_get_client_CA_list
wolfSSL Entering wolfSSL_sk_X509_NAME_num
wolfSSL Entering wolfSSL_dup_CA_list
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_set_client_CA_list
wolfSSL Entering wolfSSL_set_SSL_CTX
wolfSSL Entering wolfSSL_CTX_free
CTX ref count not 0 yet, no free
wolfSSL Leaving wolfSSL_CTX_free, return 0
User cert callback returned success
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
Requires RSA
Requires AEAD
Verified suite validity
wolfSSL Leaving DoClientHello, return 0
wolfSSL Leaving DoTls13ClientHello, return 0
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg, return 0
Shrinking input buffer
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_FIRST_REPLY_DONE
wolfSSL Entering SendServerHello
growing output buffer
wolfSSL Entering wolfSSL_get_options
Session Ticket extension to write
Point Formats extension to write
Secure Renegotiation extension to write
EMS extension to write
wolfSSL Leaving SendServerHello, return 0
accept state SERVER_HELLO_SENT
wolfSSL Entering SendCertificate
growing output buffer
wolfSSL Leaving SendCertificate, return 0
accept state CERT_SENT
wolfSSL Entering SendCertificateStatus
Getting Cert Name
wolfSSL Entering wolfSSL_X509_NAME_new_ex
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
Getting Cert Name
wolfSSL Entering wolfSSL_X509_NAME_new_ex
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering GetAlgoId
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeAuthInfo
No CA signer to verify with
ParseCert failed
wolfSSL Entering wolfSSL_X509_NAME_free
wolfSSL Entering wolfSSL_sk_free
wolfSSL Entering wolfSSL_X509_NAME_free
wolfSSL Entering wolfSSL_sk_free
wolfSSL Entering FreeOcspRequest
wolfSSL Leaving SendCertificateStatus, return 0
accept state CERT_STATUS_SENT

So, could you please help us on it, otherwise it begins to long to debug. Seems that something missing in OCSP server side implementation.

anhu commented 6 months ago

Hi @vkssv , Thank you so much for all the details and work that you have put into this issue you are having. Sorry our response time is a little slow as this is an American holiday today so most of our staff is out.

I see your configuration command is ./configure --enable-haproxy --enable-debug --enable-quic --prefix=/opt/wolfssl-5.7.0 and you are using wolfSSL 5.7.0. Can you give exact steps to reproduce?

For example, how are you building and executing haproxy? Do I need any certificates or keys to reproduce? I see the peer is openSSL s_client. Does it need a CA certificate?

This might be much simpler if we can reproduce this using our examples/server/server and examples/client/client and that is why I am asking about all these artifacts.

Its great to see haproxy/wolfssl interest on constrained embedded devices. Lets see if we can get this working!

anhu commented 6 months ago

Hi @vkssv ,

Does https://github.com/wolfSSL/wolfssl/pull/7593 fix this issue?

Warm regards, Anthony

vkssv commented 6 months ago

Hi Anthony ! Thank you for the swift reply !

No #7593 does not fix the issue completely, it just allows to load and validate OCSP response file in DER format with HAProxy. I've provided this patch as a pull request to you to illustrate, what is probably missed/overlooked in i2d_OCSP_CERTID and in OCSP_id_cmp OpenSSL compatibility API functions.

I see your configuration command is ./configure --enable-haproxy --enable-debug --enable-quic --prefix=/opt/wolfssl-5.7.0 and you are using wolfSSL 5.7.0. Can you give exact steps to reproduce?

For example, how are you building and executing haproxy? Do I need any certificates or keys to reproduce? I see the peer is openSSL s_client. Does it need a CA certificate?

  1. I take wolfSSL 5.7.0 stable branch and apply on top of it this patch #7593

  2. cd wolfssl && ./configure --enable-haproxy --enable-debug --enable-quic --prefix=/opt/wolfssl-5.7.0

  3. make && make install

  4. take the latest haproxy master and compile it with following options: cd haproxy && make -j $(nproc) OPT_CFLAGS=-O0 TARGET=generic USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 SSL_INC=/opt/wolfssl-5.7.0/include SSL_LIB=/opt/wolfssl-5.7.0/lib

  5. stay in haproxy source folder and unzip attached config.zip, it contains configuration file + using certificate (.pem), OCSP response file, that I could load (thanks to the patch) + corresponded to PEM `.issuer` file. Screenshot at 2024-05-29 19-15-03

  6. start haproxy: haproxy master$ ./haproxy -f haproxy_wolfssl.cfg You can put it in daemon mode by enabled commented #daemon keyword in the global section.

If you could launch under GDB and put the breakpoint as:

$ gdb haproxy
GNU gdb (Ubuntu 12.1-0ubuntu1~22.04) 12.1
...
(gdb) break src/ssl_sock.c:ssl_sock_load_ocsp
Breakpoint 1 at 0x4c048: file src/ssl_sock.c, line 1111.
(gdb) set args -f haproxy_wolfssl.cfg 
(gdb) run
Starting program: /home/vk/projects/haproxy/haproxy -f haproxy_wolfssl.cfg 

you could follow the logic of ssl_sock_load_ocsp, which at first, calculates CertID and then loads and validates show_ocsp_server.pem.ocsp by using OpenSSL compatibility API layer. Like this you could understand better our workflow for enabling OCSP stapling.

  1. At this moment haproxy is started and listening on localhost:1443, so you can try to ask OCSP status for the using show_ocsp_server.pem with openssl s_client like this:
$ /usr/bin/openssl s_client -connect localhost:1443 -status
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = FR, O = HAProxy Technologies, CN = Server Certificate
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = FR, O = HAProxy Technologies, CN = Server Certificate
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = FR, O = HAProxy Technologies, CN = Server Certificate
verify return:1
OCSP response: no response sent
---
Certificate chain
 0 s:C = FR, O = HAProxy Technologies, CN = Server Certificate
   i:C = FR, O = HAProxy Technologies, CN = Root CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 10 08:54:19 2021 GMT; NotAfter: Oct 26 08:54:19 2048 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
...

Then you could look to my previous post, when I explain that SendCertificateStatus, which performs OCSP stapling always finishes with 0, but does not fill Certificate Status extention. This happens, when haproxy code calls SSL_do_handshake.

We've noticed this comment under struct OcspEntry here. For us it seems that the problem is that wolfSSL_i2d_OCSP_CERTID, which maps to i2d_OCSP_CERTID in openssl/ssl.h are not really compatible and some part is also missing around SendCertificateStatus from internal.c

I'll look soon on your our examples/server/server and examples/client/client and try to adjust it, to eliminate haproxy from the chain. Sorry for insisting on it, but we need to keep in mind, that haproxy uses compatible OpenSSL API for OCSP. So, if from your side the support of these APIs is not yet ready, it would be great to look, what we could do together to finish it ;)

Kind regards,

anhu commented 5 months ago

Hi @vkssv ,

I've assigned our OCSP expert, @ejohnstown to look into this for you. Please stay tuned in case he needs further information or has new updates.

Warm regards, Anthony

vkssv commented 5 months ago

Hi Anthony ! Hi John !

Thanks a lot for the support.

I lastly revert my workaround for wolfSSL_i2d_OCSP_CERTID, when compiled with HAPROXY_ENABLED. And I've tried from my side this patch in our ssl_sock_load_ocsp from src/ssl_sock.c below. Steps to reproduce are the same.

vk@vk:~/projects/haproxy master$ git diff
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index d145fb485..cbaf25c6e 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -5,6 +5,8 @@
 #ifdef USE_OPENSSL_WOLFSSL
 #define TLSEXT_MAXLEN_host_name 255
 #include <wolfssl/options.h>
+#include <wolfssl/internal.h>
+
 #endif

 #ifdef USE_OPENSSL_AWSLC
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e6bf3ff17..ab580bd0c 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1114,7 +1114,7 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_store
        int i, ret = -1;
        struct certificate_ocsp *ocsp = NULL, *iocsp;
        char *warn = NULL;
-       unsigned char *p;
+       unsigned char *p = NULL;
 #ifdef USE_OPENSSL_WOLFSSL
        /* typedef int(*tlsextStatusCb)(WOLFSSL* ssl, void*); */
        tlsextStatusCb callback = NULL;
@@ -1168,17 +1168,24 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_store
        if (!data->ocsp_cid)
                goto out;

-       i = i2d_OCSP_CERTID(data->ocsp_cid, NULL);
-       if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
-               goto out;
+       int issuer_raw_len = (int)issuer->derCert->length;
+       const unsigned char* issuer_raw = (const unsigned char*)issuer->derCert->buffer;
+
+       d2i_OCSP_CERTID(&data->ocsp_cid, &issuer_raw, issuer_raw_len);
+       /* i = i2d_OCSP_CERTID(data->ocsp_cid, NULL);
+        * if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
+        * goto out;
+        */

        path_len = strlen(path);
        ocsp = calloc(1, sizeof(*ocsp) + path_len + 1);
        if (!ocsp)
                goto out;

-       p = ocsp->key_data;
-       ocsp->key_length = i2d_OCSP_CERTID(data->ocsp_cid, &p);
+       /* p = ocsp->key_data; */
+       i2d_OCSP_CERTID(data->ocsp_cid, &p);
+       ocsp->key_length = OCSP_MAX_CERTID_ASN1_LENGTH;
+       memcpy(ocsp->key_data, p, OCSP_MAX_CERTID_ASN1_LENGTH);

        HA_SPIN_LOCK(OCSP_LOCK, &ocsp_tree_lock);
        iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
vk@vk:~/projects/haproxy master$ 

And these changes in wolfSSL v.5.7.0:

vk@vk:~/projects/wolfssl v5.7.0-stable-vk$ git diff
diff --git a/src/ocsp.c b/src/ocsp.c
index 73b15b60a..d5e0b0143 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -1295,9 +1295,9 @@ int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b)
     if (a == NULL || b == NULL)
         return WOLFSSL_FATAL_ERROR;

-    ret = a->hashAlgoOID != b->hashAlgoOID;
-    if (ret == 0)
-        ret = XMEMCMP(a->issuerHash, b->issuerHash, OCSP_DIGEST_SIZE);
+    //ret = a->hashAlgoOID != b->hashAlgoOID;
+    //if (ret == 0)
+    ret = XMEMCMP(a->issuerHash, b->issuerHash, OCSP_DIGEST_SIZE);
     if (ret == 0)
         ret = XMEMCMP(a->issuerKeyHash, b->issuerKeyHash, OCSP_DIGEST_SIZE);
     if (ret == 0) {
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index f12d32a23..4138b4ff7 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3970,7 +3970,7 @@ WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
 /* Certificate Status Request v2 */
 /* Certificate Status Type */
 enum {
-    WOLFSSL_CSR2_OCSP = 1,
+    WOLFSSL_CSR2_OCSP = 0,
     WOLFSSL_CSR2_OCSP_MULTI = 2
 };

This allows to load our OCSP file in DER format, but I still have the same problem.

In the wolfSSL logs I see that there is probably the problem, while the given show_ocsp_server.pem is parsed, while we ask: /usr/bin/openssl s_client -connect localhost:1443 -status -tls1_2

wolfSSL Entering wolfSSL_new
wolfSSL Entering ReinitSSL
RNG_HEALTH_TEST_CHECK_SIZE = 128
sizeof(seedB_data)         = 128
opened /dev/urandom.
rnd read...
wolfSSL Entering SetSSL_CTX
wolfSSL Entering wolfSSL_set_options
    SSL_OP_ALL
    WOLFSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2
    SSL_OP_NO_TLSv1_1
    SSL_OP_NO_TLSv1
    SSL_OP_NO_SSLv3
    WOLFSSL_OP_CIPHER_SERVER_PREFERENCE
SSL_OP_NO_COMPRESSION: compression not compiled in
Disabling TLS 1.1
Disabling TLS 1.0
wolfSSL Entering wolfSSL_NewSession
InitSSL done. return 0 (success)
wolfSSL_new InitSSL success
wolfSSL Leaving wolfSSL_new InitSSL =, return 0
wolfSSL Entering wolfSSL_BIO_new
wolfSSL Stub wolfSSL_BIO_set_init not implemented
wolfSSL Entering wolfSSL_BIO_set_data
wolfSSL Entering wolfSSL_BIO_clear_flags
wolfSSL Entering wolfSSL_BIO_set_data
wolfSSL Entering wolfSSL_set_bio
wolfSSL Entering wolfSSL_BIO_set_flags
wolfSSL Entering wolfSSL_BIO_set_flags
wolfSSL Entering wolfSSL_set_ex_data
wolfSSL Entering wolfSSL_CRYPTO_set_ex_data
wolfSSL Entering wolfSSL_set_accept_state
wolfSSL Entering wolfSSL_SSL_do_handshake
wolfSSL Entering wolfSSL_SSL_do_handshake_internal
wolfSSL Entering wolfSSL_accept
wolfSSL Entering ReinitSSL
wolfSSL Entering RetrySendAlert
wolfSSL Entering RetrySendAlert
wolfSSL Entering BioReceive
wolfSSL Entering wolfSSL_BIO_read
wolfSSL Entering wolfSSL_BIO_get_data
wolfSSL Entering wolfSSL_BIO_clear_retry_flags
Client attempting to connect with different version
growing input buffer
wolfSSL Entering BioReceive
wolfSSL Entering wolfSSL_BIO_read
wolfSSL Entering wolfSSL_BIO_get_data
wolfSSL Entering wolfSSL_BIO_clear_retry_flags
received record layer msg
got HANDSHAKE
wolfSSL Entering wolfSSL_get_options
wolfSSL Entering DoTls13HandShakeMsg
wolfSSL Entering EarlySanityCheckMsgReceived
wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
wolfSSL Entering DoTls13HandShakeMsgType
processing client hello
wolfSSL Entering DoTls13ClientHello
wolfSSL Entering DoClientHello
    downgrading to TLSv1.2
Matched No Compression
Adding signature algorithms extension
Point Formats extension received
Supported Groups extension received
Session Ticket extension received
Certificate Status Request extension received
Encrypt-Then-Mac extension received
Extended Master Secret extension received
Signature Algorithms extension received
TLSX SigAlgo list exceeds max, truncating
wolfSSL Entering ALPN_Select
ssl->options.resuming 0
Calling user cert setup callback
wolfSSL Entering wolfSSL_get_client_suites_sigalgs
wolfSSL Entering wolfSSL_version
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
Unsupported cipher suite, CipherRequires
wolfSSL Entering wolfSSL_CTX_get_verify_mode
wolfSSL Leaving wolfSSL_CTX_get_verify_mode, return 0
wolfSSL Entering wolfSSL_set_verify
wolfSSL Entering wolfSSL_CTX_get_client_CA_list
wolfSSL Entering wolfSSL_sk_X509_NAME_num
wolfSSL Entering wolfSSL_dup_CA_list
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_set_client_CA_list
wolfSSL Entering wolfSSL_set_SSL_CTX
wolfSSL Entering wolfSSL_CTX_free
CTX ref count not 0 yet, no free
wolfSSL Leaving wolfSSL_CTX_free, return 0
User cert callback returned success
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
Requires RSA
Requires AEAD
wolfSSL Entering wolfSSL_curve_is_disabled
wolfSSL_curve_is_disabled checking for 29
wolfSSL Leaving wolfSSL_curve_is_disabled, return 0
wolfSSL Entering wolfSSL_curve_is_disabled
wolfSSL_curve_is_disabled checking for 23
wolfSSL Leaving wolfSSL_curve_is_disabled, return 0
Verified suite validity
wolfSSL Leaving DoClientHello, return 0
wolfSSL Leaving DoTls13ClientHello, return 0
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg, return 0
Shrinking input buffer
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_FIRST_REPLY_DONE
wolfSSL Entering SendServerHello
growing output buffer
wolfSSL Entering wolfSSL_get_options
Session Ticket extension to write
Point Formats extension to write
Secure Renegotiation extension to write
EMS extension to write
wolfSSL Leaving SendServerHello, return 0
accept state SERVER_HELLO_SENT
wolfSSL Entering SendCertificate
growing output buffer
wolfSSL Leaving SendCertificate, return 0
accept state CERT_SENT
wolfSSL Entering SendCertificateStatus   ----> we enter to SendCertificateStatus which should trigger stapling callback
Getting Cert Name
wolfSSL Entering wolfSSL_X509_NAME_new_ex
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
Getting Cert Name
wolfSSL Entering wolfSSL_X509_NAME_new_ex
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering GetAlgoId
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeAuthInfo
No CA signer to verify with  ------>    ??
ParseCert failed  -----> ???   maybe there is something very simple, that we overlooked in our show_ocsp_server.pem, but we use it in our CI tests for OCSP update with OpenSSL and it works. 
wolfSSL Entering wolfSSL_X509_NAME_free
wolfSSL Entering wolfSSL_sk_free
wolfSSL Entering wolfSSL_X509_NAME_free
wolfSSL Entering wolfSSL_sk_free
wolfSSL Entering FreeOcspRequest
wolfSSL Leaving SendCertificateStatus, return 0
accept state CERT_STATUS_SENT

Hope this helps.

vkssv commented 5 months ago

Another questions, could you please clarify, what we suppose to supply as a const unsigned char** derIn argument in wolfSSL_d2i_OCSP_CERTID ?

Should it be issuer certificate in DER format or just a byte string created as following: haproxy server certificate's cert->issuerHash in ASN1 + cert->issuerKeyHash in ASN1 + cert->serial in ASN1 and then encoded all this with hashAlgoOID from obtained in wolfSSL_OCSP_cert_to_id struct OcspEntry (you don't fill this field, hashAlgoOID, so by default it will be SHA1 hash) ?

As I've got from the code of ocsp.c, we need to call first wolfSSL_d2i_OCSP_CERTID to fill rawCertId and rawCertIdSize fields, which then are returned in wolfSSL_i2d_OCSP_CERTID. That is only way how wolfSSL_i2d_OCSP_CERTID could be used correctly ?

I will investigate further the error with No CA signer to verify with, but this go very far for us. So, please could you clarify our questions, that we will be sure that we are on the right way.

Kind regards,

vkssv commented 5 months ago

Hi guys !

I've attached a simple server program (server.c), which could be compiled and linked with either wolfSSL 5.7.0, or with OpenSSL 3.0.2 (coming from the distro package). There are also valid server certificate, corresponded to it OCSP response (DER) and corresponded issuer and intermediate certificates.

$ wget -c https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem
$ /usr/bin/openssl ocsp -issuer lets-encrypt-r3-cross-signed.pem -cert testocsp.irq6.net.pem -url http://r3.o.lencr.org/ -respout testocsp.irq6.net.pem.ocsp
WARNING: no nonce in response
Response verify OK
testocsp.irq6.net.pem: good
    This Update: Jun  3 21:50:00 2024 GMT
    Next Update: Jun 10 21:49:58 2024 GMT

So, steps to reproduce with this server.c :

1. gcc server.c -g -DUSE_WOLFSSL -I /opt/wolfssl-5.7.0/include/wolfssl -I /opt/wolfssl-5.7.0/include -o server -L /opt/wolfssl-5.7.0/lib -lwolfssl -Wl,-rpath,/opt/wolfssl-5.7.0/lib

2. ./server ~/testocsp.irq6.net.pem  ~/testocsp.irq6.net.pem ~/testocsp.irq6.net.pem.ocsp

3. /usr/bin/openssl s_client -connect localhost:4433 -status -tls1_2

When server.c is linked with wolfSSL, we can see the following error in wolfSSL log ( no any patches in wolfSSL from our side, only stable 5.7.0 code):

...
Client TCP connection accepted
wolfSSL Entering wolfSSL_new
wolfSSL Entering ReinitSSL
RNG_HEALTH_TEST_CHECK_SIZE = 128
sizeof(seedB_data)         = 128
opened /dev/urandom.
rnd read...
wolfSSL Entering SetSSL_CTX
wolfSSL Entering wolfSSL_NewSession
InitSSL done. return 0 (success)
wolfSSL_new InitSSL success
wolfSSL Leaving wolfSSL_new InitSSL =, return 0
wolfSSL Entering wolfSSL_set_fd
wolfSSL Entering wolfSSL_set_read_fd
wolfSSL Leaving wolfSSL_set_read_fd, return 1
wolfSSL Entering wolfSSL_set_write_fd
wolfSSL Leaving wolfSSL_set_write_fd, return 1
wolfSSL Entering wolfSSL_accept
wolfSSL Entering ReinitSSL
wolfSSL Entering RetrySendAlert
wolfSSL Entering RetrySendAlert
Client attempting to connect with different version
growing input buffer
received record layer msg
got HANDSHAKE
wolfSSL Entering wolfSSL_get_options
wolfSSL Entering DoTls13HandShakeMsg
wolfSSL Entering EarlySanityCheckMsgReceived
wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
wolfSSL Entering DoTls13HandShakeMsgType
processing client hello
wolfSSL Entering DoTls13ClientHello
wolfSSL Entering DoClientHello
    downgrading to TLSv1.2
Matched No Compression
Adding signature algorithms extension
Point Formats extension received
Supported Groups extension received
Session Ticket extension received
Certificate Status Request extension received
Encrypt-Then-Mac extension received
Extended Master Secret extension received
Signature Algorithms extension received
TLSX SigAlgo list exceeds max, truncating
wolfSSL Entering ALPN_Select
ssl->options.resuming 0
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
Requires ECC
Requires AEAD
wolfSSL Entering wolfSSL_curve_is_disabled
wolfSSL_curve_is_disabled checking for 29
wolfSSL Leaving wolfSSL_curve_is_disabled, return 0
wolfSSL Entering wolfSSL_curve_is_disabled
wolfSSL_curve_is_disabled checking for 23
wolfSSL Leaving wolfSSL_curve_is_disabled, return 0
wolfSSL Entering wolfSSL_curve_is_disabled
wolfSSL_curve_is_disabled checking for 25
wolfSSL Leaving wolfSSL_curve_is_disabled, return 0
wolfSSL Entering wolfSSL_curve_is_disabled
wolfSSL_curve_is_disabled checking for 24
wolfSSL Leaving wolfSSL_curve_is_disabled, return 0
Verified suite validity
wolfSSL Leaving DoClientHello, return 0
wolfSSL Leaving DoTls13ClientHello, return 0
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg, return 0
Shrinking input buffer
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_FIRST_REPLY_DONE
wolfSSL Entering SendServerHello
growing output buffer
wolfSSL Entering wolfSSL_get_options
Certificate Status Request extension to write
Session Ticket extension to write
Point Formats extension to write
Secure Renegotiation extension to write
EMS extension to write
wolfSSL Leaving SendServerHello, return 0
accept state SERVER_HELLO_SENT
wolfSSL Entering SendCertificate
growing output buffer
wolfSSL Leaving SendCertificate, return 0
accept state CERT_SENT
wolfSSL Entering SendCertificateStatus
Getting Cert Name
wolfSSL Entering wolfSSL_X509_NAME_new_ex
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
Getting Cert Name
wolfSSL Entering wolfSSL_X509_NAME_new_ex
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering GetAlgoId
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering DecodeExtKeyUsage
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering DecodeAltNames
wolfSSL Entering DecodeCertPolicy
wolfSSL Leaving DecodeCertPolicy, return 0
No CA signer to verify with  ----> this error in wolfcrypt/src/asn.c:ParseCertRelative()  seems strange,  then we see that SendCertificateStatus returns 0, 
ParseCert failed
wolfSSL Entering wolfSSL_X509_NAME_free
wolfSSL Entering wolfSSL_sk_free
wolfSSL Entering wolfSSL_X509_NAME_free
wolfSSL Entering wolfSSL_sk_free
wolfSSL Entering FreeOcspRequest
wolfSSL Leaving SendCertificateStatus, return 0
accept state CERT_STATUS_SENT
wolfSSL Entering SendServerKeyExchange

openssl s_client shows:

$ /usr/bin/openssl s_client -connect localhost:4433 -status -tls1_2
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = testocsp.irq6.net
verify return:1
OCSP response: no response sent
---
Certificate chain
 0 s:CN = testocsp.irq6.net
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 15 17:24:10 2024 GMT; NotAfter: Aug 13 17:24:09 2024 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEIzCCAwugAwIBAgISBOF3qj76IweKvzXPwnky9jbhMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDA1MTUxNzI0MTBaFw0yNDA4MTMxNzI0MDlaMBwxGjAYBgNVBAMT
EXRlc3RvY3NwLmlycTYubmV0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEakj1
/ukCYPX6Z6SFchTI9aF9enHfc5OEtA8bGPEGlRapR8Npr3ZeLKpZfhwhiuyUpW08
LkronTpxcjRevlSDgKOCAhIwggIOMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUGOdc
0ur/0eBbE14mSlGdLYmHQm0wHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsU
wsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5j
ci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wHAYDVR0R
BBUwE4IRdGVzdG9jc3AuaXJxNi5uZXQwEwYDVR0gBAwwCjAIBgZngQwBAgEwggED
BgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZ
u7+rOdiEcwAAAY99f16kAAAEAwBGMEQCIF+rp8aNT31gwZ+mD++JVdTvBK8/2/hR
S9PDvlxU1R1RAiBT8je0X7cRpbb3PvitBgzHJa87u+tntLA/dtz6duKHxwB2ABmY
EHEJ8NZSLjCA0p4/ZLuDbijM+Q9Sju7fzko/FrTKAAABj31/XsYAAAQDAEcwRQIh
ALFdUGMGS1EquRItNvKp6I/9yRQOFU596kB/Km3Es1R1AiAsJWejEmxvEZ8ET92w
xUjOiWDBUPuCGZtOjSDwVRPlKTANBgkqhkiG9w0BAQsFAAOCAQEAHCwM9sqMerL4
lZDuzpgOeuksa987Oix7ECedPmwzJqzsCAvN8/btsxnyc9Qhxb+LZ3ztt1yQJsaz
Oww/L55Fscc4BEFWSI+DeNeN4UgkNu3UTQrz5cSqQLHp4tvZtOYMU9ToY3s9x2c/
UeOfcm59eqoyNqIJYsfnHoZH6Hd7rnxZ9jqefqrQcnZS5UIiMO7vXUM2CSE0q+Tw
TLe8SocNv+kxLakxjKcqPZQS3ldVXCzqvoHBFtqbz+SiKIN8dCyGaeoCDuXzGKgD
ZEeuJCjmzezlHeZQ76yYJSzligO9dFn0GK1IGuVIqccqWBr1jIi4G8Hm4U/+6gwR
h2tLKswjFg==
-----END CERTIFICATE-----
subject=CN = testocsp.irq6.net
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2860 bytes and written 290 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES256-GCM-SHA384
    Session-ID: 053A633C40F2404C38655FD4681A534B8987994B76C7A96E43C8C6CF2E402669
    Session-ID-ctx: 
    Master-Key: B8D96D5D9AD108EBCDB7322985BBB3EDBA380F90A1D44885F4B287EB63D601F796F6AB04F4D23CD754312BC8DBDFB53F
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 34 f9 25 ed 07 02 e4 ac-37 7a 2c b1 d3 ec b4 d8   4.%.....7z,.....
    0010 - 59 59 bf 46 11 10 17 6d-47 db 58 c8 de d9 1d a8   YY.F...mG.X.....
    0020 - 00 8d ce df 1e 82 99 85-30 bc 93 74 4e 25 90 93   ........0..tN%..
    0030 - c1 bc d8 4d 61 76 49 84-96 6c 5c 28 97 97 9b 25   ...MavI..l\(...%
    0040 - c2 ac 37 96 85 62 13 4c-14 db 2f 9d 25 34 ce 1b   ..7..b.L../.%4..
    0050 - aa ec b7 fb be 37 53 21-af 72 58 bb e1 3f d3 69   .....7S!.rX..?.i
    0060 - ee 10 3d 53 00 a8 f1 c4-a5 56 69 c1 a5 d2 76 25   ..=S.....Vi...v%
    0070 - a7 3f 90 39 84 0f cc 04-de c5 b3 5c 0d c2 ad 24   .?.9.......\...$
    0080 - 8e 9d 6d 81 71 52 ff 7f-60 dc ef 58 c3 e4 aa a9   ..m.qR..`..X....
    0090 - a7 f9 d8 09 31 5c 1d 70-f0 2e 21 ab 33 25 61 23   ....1\.p..!.3%a#
    00a0 - c5 69 90 ee ca e4 0d 4c-3c 0c fd c2 e5 74 af ce   .i.....L<....t..
    00b0 - 97 51 c0 88 b3 01 8c c8-6e 12 c4 af b8 a5 8f 00   .Q......n.......
    00c0 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00      ...............

    Start Time: 1717509859
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

Output, when compiled without wolfSSL_Debugging_ON();


$ ./server ~/testocsp.irq6.net.pem  ~/testocsp.irq6.net.pem ~/testocsp.irq6.net.pem.ocsp

sslecho : Simple Echo Client/Server : Jun  4 2024 : 16:13:28

We are the server on port: 4433

Client TCP connection accepted
Client SSL connection accepted

In case, when we compile and link the server.c with OpenSSL 3.0.2 from the distro:

$ gcc server.c -g -o server_ossl -lssl -lcrypto

$ ./server_ossl ~/testocsp.irq6.net.pem ~/testocsp.irq6.net.pem ~/testocsp.irq6.net.pem.ocsp

sslecho : Simple Echo Client/Server : Jun  4 2024 : 15:50:36

We are the server on port: 4433

Client TCP connection accepted
OCSP callback
Client SSL connection accepted

from client side we see the reponse:
$ /usr/bin/openssl s_client -connect localhost:4433 -status -tls1_2
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = testocsp.irq6.net
verify return:1
OCSP response: 
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, O = Let's Encrypt, CN = R3
    Produced At: Jun  3 21:50:00 2024 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 48DAC9A0FB2BD32D4FF0DE68D2F567B735F9B3C4
      Issuer Key Hash: 142EB317B75856CBAE500940E61FAF9D8B14C2C6
      Serial Number: 04E177AA3EFA23078ABF35CFC27932F636E1
    Cert Status: good
    This Update: Jun  3 21:50:00 2024 GMT
    Next Update: Jun 10 21:49:58 2024 GMT

    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        10:17:30:e2:9e:cb:9f:29:46:37:f6:72:e7:d1:e8:5f:3b:b2:
        04:16:21:07:f4:3a:03:62:35:b6:b8:1e:b3:a8:1f:c6:c2:59:
        46:af:fc:c5:51:6e:7e:e4:48:7c:09:67:2d:95:66:a1:6a:95:
        ca:b4:4e:29:47:c7:cc:09:5f:4e:c2:36:72:db:bc:3f:6a:b8:
        e8:3e:64:83:52:84:7b:c4:01:a1:0c:e9:27:60:d2:8e:97:15:
        fa:e7:c6:41:4f:57:5b:0b:05:c3:44:12:f7:49:5b:9d:8f:b5:
        98:43:e2:26:1d:3d:89:38:02:4f:5f:12:5e:c5:3b:b0:3a:17:
        af:d3:02:f1:7a:af:ef:a6:12:0c:9c:fd:44:33:cf:a2:91:10:
        ed:ee:29:4c:8f:0e:a6:ab:c7:fb:7c:55:71:37:b0:b4:ac:2f:
        22:9f:7a:71:01:77:f5:6b:f4:e7:ab:e8:43:e4:22:cd:2c:69:
        a1:42:60:53:3f:41:42:0d:f7:9b:b3:f7:70:13:c6:06:f0:2a:
        07:83:7d:c6:6d:af:31:18:de:c5:08:87:36:51:38:e6:18:e0:
        1f:b8:8a:bc:3f:1a:4c:f2:51:cc:72:6c:08:c1:51:8d:66:49:
        1e:3d:10:7c:3b:75:0a:34:b2:1e:be:d2:80:a1:b8:41:bc:2c:
        c5:71:e1:dd
======================================
---
Certificate chain
 0 s:CN = testocsp.irq6.net
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 15 17:24:10 2024 GMT; NotAfter: Aug 13 17:24:09 2024 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
---
...

Hope this helps to debug, BR server_openssl_compat.zip

dgarske commented 3 months ago

@rizlik please provide an update to @vkssv . Thanks

hpn0t0ad commented 3 months ago

Hi! It's unfortunate that there doesn't seem to be much interest in making wolfssl work correctly with haproxy. I believe that many haproxy users would happily ditch quictls/openssl for wolfssl (myself included) but can't, for lack of ocsp stapling support. Is there any way users could help debug this issue?

dgarske commented 3 months ago

Hi @hpn0t0ad , thank you for the reminder about this issue. The engineer I assign is on vacation. Let me find another engineer to work on this. Thanks, David Garske, wolfSSL

ColtonWilley commented 3 months ago

Hello @vkssv

I was looking at this issue to reproduce, however it seems the certificates you provided (testocsp.irq6.net.pem) has expired. I was hoping you could provide me with details on how you created it and the ocsp file so I can test on my end.

Thanks, Colton Willey, wolfSSL.

wlallemand commented 1 month ago

Just updating the ticket here for people interested by the feature, there is a PR https://github.com/wolfSSL/wolfssl/pull/8036 which should fix part of the issues, we could probably have the feature soon in haproxy once this is merged.