relayd ssl interception and certificate subject

Tue, 24 Nov 2015 06:27:37 -0800 

Hello,

I'm just testing ssl interception and noticed the following problem. Sometimes 
the Subject/Subject Alternative Name of the cert is altered with a different 
name than the one the original cert has:

The faked cert:

#############################################################################################

X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 051f332aed0c96
    Issuer: 
C=DE,ST=Saxony,L=Dresden,O=Retiolum,OU=WEB,CN=SUB_CA,[email protected]
    Validity:
        Not Before: Wed Jan 28 03:58:40 UTC 2015
        Not After: Fri Jan 29 14:31:49 UTC 2016
    Subject: C=DE,CN=blog.b1-systems.de,[email protected]
    Subject Public Key Algorithm: RSA
    Algorithm Security Level: High (4096 bits)

...

    Extensions:
        Basic Constraints (not critical):
            Certificate Authority (CA): FALSE
        Key Usage (not critical):
            Digital signature.
            Key encipherment.
            Key agreement.
        Key Purpose (not critical):
            TLS WWW Server.
        Subject Key Identifier (not critical):
            47c3adafb6c9b8d26507975d444b07c30a85f020
        Authority Key Identifier (not critical):
            eb4234d098b0ab9ff41b6b08f7cc642eef0e2c45
        Subject Alternative Name (not critical):
-->         DNSname: blog.b1-systems.de
-->         DNSname: b1-systems.de
        Certificate Policies (not critical):
            2.23.140.1.2.1
            1.3.6.1.4.1.23223.1.2.3
                URI: http://www.startssl.com/policy.pdf
                Note: This certificate was issued according to the Class 1 
Validation requirements of the StartCom CA policy, reliance only for the 
intended purpose in compliance of the relying party obligations.
        CRL Distribution points (not critical):
            URI: http://crl.startssl.com/crt1-crl.crl
        Authority Information Access (not critical):
            Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
            Access Location URI: http://ocsp.startssl.com/sub/class1/server/ca
            Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
            Access Location URI: 
http://aia.startssl.com/certs/sub.class1.server.ca.crt
        Issuer Alternative Name (not critical):
            URI: http://www.startssl.com/
    Signature Algorithm: RSA-SHA1
#############################################################################################

The original cert:

X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 0813002129d4f6
    Issuer: C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate 
Signing,CN=StartCom Class 2 Primary Intermediate Server CA
    Validity:
        Not Before: Thu Sep 24 15:20:33 UTC 2015
        Not After: Sun Sep 24 23:00:39 UTC 2017
    Subject: C=DE,ST=Bayern,L=Vohburg,O=B1 Systems 
GmbH,CN=www.b1-systems.de,[email protected]
    Subject Public Key Algorithm: RSA
    Algorithm Security Level: High (4096 bits)
        Modulus (bits 4096):

...

    Extensions:
        Basic Constraints (not critical):
            Certificate Authority (CA): FALSE
        Key Usage (not critical):
            Digital signature.
            Key encipherment.
            Key agreement.
        Key Purpose (not critical):
            TLS WWW Client.
            TLS WWW Server.
        Subject Key Identifier (not critical):
            2c6fafda29839f35c51c0ccde681e036168b10a9
        Authority Key Identifier (not critical):
            11db2345fd54cc6a716f848a03d7bef7012f2686
        Subject Alternative Name (not critical):
-->         DNSname: www.b1-systems.de
-->         DNSname: b1-systems.de
        Certificate Policies (not critical):
            2.23.140.1.2.2
            1.3.6.1.4.1.23223.1.2.3
                URI: http://www.startssl.com/policy.pdf
                Note: This certificate was issued according to the Class 2 
Validation requirements of the StartCom CA policy, reliance only for the 
intended purpose in compliance of the relying party obligations.
        CRL Distribution points (not critical):
            URI: http://crl.startssl.com/crt2-crl.crl
        Authority Information Access (not critical):
            Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
            Access Location URI: http://ocsp.startssl.com/sub/class2/server/ca
            Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
            Access Location URI: 
http://aia.startssl.com/certs/sub.class2.server.ca.crt
        Issuer Alternative Name (not critical):
            URI: http://www.startssl.com/
    Signature Algorithm: RSA-SHA256
#############################################################################################

In this case the DNS name www.b1-systems.de is removed from the cert what leads 
to an error message in the webbrowser.

apu01$ dig @8.8.8.8 +short www.b1-systems.de
b1-systems.de.
84.200.69.202
apu01$ dig @8.8.8.8 +short blog.b1-systems.de
spacelords.systems.b1-systems.de.
84.200.69.202
apu01$ dig @8.8.8.8 +short b1-systems.de     
84.200.69.202
apu01$ dig @8.8.8.8 +short -x 84.200.69.202
202.192-255.69.200.84.in-addr.arpa.
spacelords.systems.b1-systems.de.
apu01$ dig @8.8.8.8 +short spacelords.systems.b1-systems.de
84.200.69.202

Maybe in this special case it's caused by reverse lookup?

Is this the intended behaviour?

Thanks for this great software and Your time!

Regards Uwe

Reply via email to