Re: [exim] TLS authentication
On Thu, Feb 16, 2023 at 08:18:46PM -0800, Ian Zimmerman via Exim-users wrote: > An excellent suggestion, thanks. I think I got stuck in this unproductive > (it seems) rut of authentication by verification because of two things: > > - not immediately obvious how to *compute* the checksum to match in > the first place. I don't expect it's just the checksum over the pem > file, is it? No, PEM is not suitably canonical, for that you'd want the ASN.1 DER form of the public key (or full certificate, whichever you prefer). > - the documentation for the md5 (and sha1) expansion operators is cryptic: > > If the string is a single variable of type certificate, returns the > MD5 hash fingerprint of the certificate. MD5 is deprecated, ideally Exim also support sha256 in the same role. The hash should be computed over the DER form. > what is a "variable of type certificate" in exim's proudly unityped > macro language? I am a Postfix maintainer, mostly lurking on this list, except when it comes to TLS-related or especially DANE-related issues. So can't answer anything about Exim variables. On the command-line, to extract the public key and/or certificate digests: # key digest $ openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256 -binary | xxd -p -c32 # cert digest $ openssl x509 -in cert.pem -outform DER | openssl dgst -sha256 -binary | xxd -p -c32 -- VIktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] TLS authentication
On Thu, Feb 16, 2023 at 09:29:20AM -0500, Viktor Dukhovni via Exim-users wrote: > On the other hand, much better to simply maintain an explicit table of > trusted client public keys and match these (by SHA256 fingerprint > perhaps). Use a lookup table to check whether the client is authorised > or not. An excellent suggestion, thanks. I think I got stuck in this unproductive (it seems) rut of authentication by verification because of two things: - not immediately obvious how to *compute* the checksum to match in the first place. I don't expect it's just the checksum over the pem file, is it? - the documentation for the md5 (and sha1) expansion operators is cryptic: If the string is a single variable of type certificate, returns the MD5 hash fingerprint of the certificate. what is a "variable of type certificate" in exim's proudly unityped macro language? -- Ian -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] TLS authentication
On Thu, Feb 16, 2023 at 09:17:51PM +, Jeremy Harris via Exim-users wrote: > On 16/02/2023 21:09, Viktor Dukhovni via Exim-users wrote: > > Some applications (want to) only accept client certificates issued by a > > dedicated non-public CA, which amounts to an authorisation server > > In exim usage that's a test on a certextract of the issuer of > $tls_in_peercert, either just in ACL or as part of the > serer_condition for an authenticator using the tls driver. > > For either, the TLS session has to have been accepted first. The problem is that any root CA can issue a subCA with any subject DN it wants. So just checking issuer names, and expecting these to uniquely identify a private dedicated CA is not "safe". There is no global X.500 namespace that ensures uniqueness of CA "distinguished names", they're just made up. So, if I can't bypass the system trust store, I would be more inclined to check the issuer public key, not the issuer DN. That said, an OpenSSL application can just set the environemt and get a non-default trust store location: https://www.openssl.org/docs/manmaster/man3/X509_get_default_cert_dir_env.html const char *X509_get_default_cert_dir_env(void); const char *X509_get_default_cert_file_env(void); Just set those enviroment variables (just between us friends, those are "SSL_CERT_DIR" and "SSL_CERT_FILE") to a directory and file that hold only the application-specific trust anchors, and the system trust store would no longer be loaded by default. This works for OpenSSL, can't speak to GnuTLS... -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] TLS authentication
On 16/02/2023 21:09, Viktor Dukhovni via Exim-users wrote: Some applications (want to) only accept client certificates issued by a dedicated non-public CA, which amounts to an authorisation server In exim usage that's a test on a certextract of the issuer of $tls_in_peercert, either just in ACL or as part of the serer_condition for an authenticator using the tls driver. For either, the TLS session has to have been accepted first. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] TLS authentication
On Thu, Feb 16, 2023 at 09:44:55PM +0100, Heiko Schlittermann via Exim-users
wrote:
> > Is it at all possible with OpenSSL to stop the "system" location from
> > being checked? If not, that seems to make the use of TLS for client
> > authentication impossible because any certificate presented by
> > e.g. Google will pass verification. Am I reading this correctly?
>
> IMHO it shouldn't be sufficient accept any client that just has a
> verified certificate ("authenticated"). You should check, if the client
> is "authorized", by checking required certificate attributes (issuer,
> subject, …)
>
Some applications (want to) only accept client certificates issued by a
dedicated non-public CA, which amounts to an authorisation server. If
the CA gave you a cert, you're an authorised user of the application
until the cert expires (or is revoked, if the server application has
access to timely CRLs, ...)
They drank the PKI coolaid. I don't recommend this design. Often
simpler to just use a list of authorised public keys instead.
--
Viktor.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] TLS authentication
Ian Zimmerman via Exim-users (Di 14 Feb 2023 01:40:52
CET):
> With OpenSSL the certificates specified explicitly either by file or
> directory are added to those given by the system default location.
>
> Is it at all possible with OpenSSL to stop the "system" location from
> being checked? If not, that seems to make the use of TLS for client
> authentication impossible because any certificate presented by
> e.g. Google will pass verification. Am I reading this correctly?
IMHO it shouldn't be sufficient accept any client that just has a
verified certificate ("authenticated"). You should check, if the client
is "authorized", by checking required certificate attributes (issuer,
subject, …)
Maybe I got you wrong.
--
Heiko
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] TLS authentication
On Mon, Feb 13, 2023 at 04:40:52PM -0800, Ian Zimmerman via Exim-users wrote: > With OpenSSL the certificates specified explicitly either by file or > directory are added to those given by the system default location. > > Is it at all possible with OpenSSL to stop the "system" location from > being checked? If not, that seems to make the use of TLS for client > authentication impossible because any certificate presented by > e.g. Google will pass verification. Am I reading this correctly? In principle, yes, it just requires not loading the default certificate store by not calling SSL_CTX_set_default_verify_paths(3). So if you want to permit only clients with trusted certificates signed by just your own CA, indeed you need to avoid loading the default cert store. On the other hand, much better to simply maintain an explicit table of trusted client public keys and match these (by SHA256 fingerprint perhaps). Use a lookup table to check whether the client is authorised or not. -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] TLS authentication
On 14/02/2023 00:40, Ian Zimmerman via Exim-users wrote: Is it at all possible with OpenSSL to stop the "system" location from being checked? No. If not, that seems to make the use of TLS for client authentication impossible because any certificate presented by e.g. Google will pass verification. Am I reading this correctly? Please define your authentication requirements: exactly what do you want checked? -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
