I am checking the certificate revocation with below scenario. I have Root CA, Intermediate CA and device certificate is signed by Intermediate CA. I am makeing chain certificate by combining Root CA, Intermediate CA and this chain certificate is my active CA certificate and loaded this and device certificate to the drive.
From client, I am creating client certificate which is signed by same intermeidate CA.
Making ssl handshake. Handshake is success as expected.
Now i am revoking the intermediate CA and creating the crl which is signed by the Root CA. This crl has the serial number of intermediate CA.
Now loading the CRL to the drive and setting the crl in "mbedtls_ssl_conf_ca_chain".
Now i am establishing the ssl connection with the same client ceritificate and expecting the ssl handshake failure due to intermediate CA revoked. But i get handshake is success.
Is my understanding right about intermediate CA revocation?
I did little background debug, and my obervation is During handshake , it goes to static int x509_crt_verify_chain function in mbedtls. Its trying to find the parent using x509_crt_find_parent for the client certificate and get intermediate CA. During this time, parent_is_trusted is set as true. after this x509_crt_verifycrl is called with client certificate (child), intermediate CA (parent) and crl(has the intermediate CA serial number-issued by Root CA). During x509_crt_verifycrl check, it check for CRL issuer with ca subject and return 0, as its not matching. now in x509_crt_verify_chain , /* prepare for next iteration */ ., they are marking child_is_trusted = parent_is_trusted and child = parent, parent = NULL; and while loop continues, in loop, x509_crt_verify_chain checks for child_is_trusted is true and return as 0. But its not checking that intermediate CA is revoked or not. /* Stop here for trusted roots (but not for trusted EE certs) */ if( child_is_trusted ) return( 0 );
Hi Singaravelu,
I tried reproducing the issue, but in my tests when the intermediate CA is revoked by the root CA, the chain is correctly rejected.
* In X.509: https://github.com/Mbed-TLS/mbedtls/pull/8847/commits/884b6db84c7c66e585573d... (automated test) * In TLS:https://github.com/Mbed-TLS/mbedtls/pull/8847/commits/636bb4cf61680f1e53d2de... (manual testing with ssl_client2, see the commit message).
Do you see anything the differs in your setup that could explain the discrepancy? In particular, are you using the CA callback with mbedtls_ssl_conf_ca_cb(), or any other certificate related callback (SNI, etc.)?
Also, just to be sure: in order to check the client's certificate chain, the CRL has to be provisioned on the server (and vice-versa).
Can you confirm exactly which certificate-related functions (ssl_conf_ca_chain(), ssl_conf_own_cert(), etc.) you're calling on which side with what arguments?
Thanks, Manuel.
________________________________ From: singaravelu Balasubramani via mbed-tls mbed-tls@lists.trustedfirmware.org Sent: 15 February 2024 11:35 To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] Handshake is successful if the intermediate CA is revoked.
I am checking the certificate revocation with below scenario. I have Root CA, Intermediate CA and device certificate is signed by Intermediate CA. I am makeing chain certificate by combining Root CA, Intermediate CA and this chain certificate is my active CA certificate and loaded this and device certificate to the drive.
From client, I am creating client certificate which is signed by same intermeidate CA.
Making ssl handshake. Handshake is success as expected.
Now i am revoking the intermediate CA and creating the crl which is signed by the Root CA. This crl has the serial number of intermediate CA.
Now loading the CRL to the drive and setting the crl in "mbedtls_ssl_conf_ca_chain".
Now i am establishing the ssl connection with the same client ceritificate and expecting the ssl handshake failure due to intermediate CA revoked. But i get handshake is success.
Is my understanding right about intermediate CA revocation?
I did little background debug, and my obervation is During handshake , it goes to static int x509_crt_verify_chain function in mbedtls. Its trying to find the parent using x509_crt_find_parent for the client certificate and get intermediate CA. During this time, parent_is_trusted is set as true. after this x509_crt_verifycrl is called with client certificate (child), intermediate CA (parent) and crl(has the intermediate CA serial number-issued by Root CA). During x509_crt_verifycrl check, it check for CRL issuer with ca subject and return 0, as its not matching. now in x509_crt_verify_chain , /* prepare for next iteration */ ., they are marking child_is_trusted = parent_is_trusted and child = parent, parent = NULL; and while loop continues, in loop, x509_crt_verify_chain checks for child_is_trusted is true and return as 0. But its not checking that intermediate CA is revoked or not. /* Stop here for trusted roots (but not for trusted EE certs) */ if( child_is_trusted ) return( 0 ); -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
Hi Manuel, Thanks for the update.
I am testing the server side and enabling the certificate verification . So I have incorporated the changes made in ssl_client2 into ssl_server2 to support crl. Attached the modified files and certificates used to test the scenario .
Still I am facing the same problem. Am I doing something wrong?
*Certificate details:*
clientCertificate_int_ca_ca2.crt => concatenation of clientCertificate.crt , test_int-ca.crt and test_ca2.crt
int-ca_ca2.crt => concatenation of tes_int-ca.crt and test_ca2.crt
test.crl => only clientCertificate.crt is revocation
test_intCa.crl => only tes_int-ca.crt is revoked
clientCertificate.crt => signed by tes_int-ca.crt
Tested with:
*Scenario 1*: client certificate is valid.
programs/ssl/ssl_server2 auth_mode=required ca_file=int-ca_ca2.crt crt_file=server7.crt key_file=server7.key
programs/ssl/ssl_client2 auth_mode=none crt_file=clientCertificate_int_ca_ca2.crt key_file=client.key
-> certificate accepted, handshake succeeds
*Scenario 2*: client certificate is revoked
programs/ssl/ssl_server2 auth_mode=required ca_file=int-ca_ca2.crt crt_file=server7.crt key_file=server7.key crl_file= test.crl
programs/ssl/ssl_client2 auth_mode=none crt_file=clientCertificate_int_ca_ca2.crt key_file=client.key
-> certificate rejected, client certificate is revoked.
*Scenario 3*: intermediate certificate is revoked
programs/ssl/ssl_server2 auth_mode=required ca_file=int-ca_ca2.crt crt_file=server7.crt key_file=server7.key crl_file= test_intCa.crl
programs/ssl/ssl_client2 auth_mode=none crt_file=clientCertificate_int_ca_ca2.crt key_file=client.key
-> *Expected* : certificate rejected, intermediate certificate is revoked.
-> *Actual* : certificate accepted, handshake successful.
On Tue, Feb 20, 2024 at 3:13 PM Manuel Pegourie-Gonnard < Manuel.Pegourie-Gonnard@arm.com> wrote:
Hi Singaravelu,
I tried reproducing the issue, but in my tests when the intermediate CA is revoked by the root CA, the chain is correctly rejected.
- In X.509:
https://github.com/Mbed-TLS/mbedtls/pull/8847/commits/884b6db84c7c66e585573d... (automated test)
- In TLS:
https://github.com/Mbed-TLS/mbedtls/pull/8847/commits/636bb4cf61680f1e53d2de... (manual testing with ssl_client2, see the commit message).
Do you see anything the differs in your setup that could explain the discrepancy? In particular, are you using the CA callback with mbedtls_ssl_conf_ca_cb(), or any other certificate related callback (SNI, etc.)?
Also, just to be sure: in order to check the client's certificate chain, the CRL has to be provisioned on the server (and vice-versa).
Can you confirm exactly which certificate-related functions (ssl_conf_ca_chain(), ssl_conf_own_cert(), etc.) you're calling on which side with what arguments?
Thanks, Manuel.
*From:* singaravelu Balasubramani via mbed-tls < mbed-tls@lists.trustedfirmware.org> *Sent:* 15 February 2024 11:35 *To:* mbed-tls@lists.trustedfirmware.org < mbed-tls@lists.trustedfirmware.org> *Subject:* [mbed-tls] Handshake is successful if the intermediate CA is revoked.
I am checking the certificate revocation with below scenario. I have Root CA, Intermediate CA and device certificate is signed by Intermediate CA. I am makeing chain certificate by combining Root CA, Intermediate CA and this chain certificate is my active CA certificate and loaded this and device certificate to the drive.
From client, I am creating client certificate which is signed by same intermeidate CA.
Making ssl handshake. Handshake is success as expected.
Now i am revoking the intermediate CA and creating the crl which is signed by the Root CA. This crl has the serial number of intermediate CA.
Now loading the CRL to the drive and setting the crl in "mbedtls_ssl_conf_ca_chain".
Now i am establishing the ssl connection with the same client ceritificate and expecting the ssl handshake failure due to intermediate CA revoked. But i get handshake is success.
Is my understanding right about intermediate CA revocation?
I did little background debug, and my obervation is During handshake , it goes to static int x509_crt_verify_chain function in mbedtls. Its trying to find the parent using x509_crt_find_parent for the client certificate and get intermediate CA. During this time, parent_is_trusted is set as true. after this x509_crt_verifycrl is called with client certificate (child), intermediate CA (parent) and crl(has the intermediate CA serial number-issued by Root CA). During x509_crt_verifycrl check, it check for CRL issuer with ca subject and return 0, as its not matching. now in x509_crt_verify_chain , /* prepare for next iteration */ ., they are marking child_is_trusted = parent_is_trusted and child = parent, parent = NULL; and while loop continues, in loop, x509_crt_verify_chain checks for child_is_trusted is true and return as 0. But its not checking that intermediate CA is revoked or not. /* Stop here for trusted roots (but not for trusted EE certs) */ if( child_is_trusted ) return( 0 ); -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
mbed-tls@lists.trustedfirmware.org