Re: x509 AlgorithmIdentifier parameters

2018-02-03 Thread Philip Martin 
Philip Martin  writes:

> A client using openssl 1.0 will connect to a server serving the
> RSASSA-PSS cert.  Clients using openssl 1.1 fail to verify cert.  The
> underlying openssl 1.1 error appears to be
>
>   $ openssl s_client -connect localhost:8887 -CAfile apache2/ssl/ca-cert.pem
>   ...
>   Verify return code: 68 (CA signature digest algorithm too weak)
>
> This suggests that RSASSA-PSS is obsolete, but as I mentioned earlier in
> the thread there are recent changes to the openssl project
> adding/extending RSASSA-PSS support as part of TLS 1.3:

I built openssl trunk (1.1.1-dev) and it is able to verify the cert:

   $ LD_LIBRARY_PATH=/usr/local/openssl/lib /usr/local/openssl/bin/openssl 
s_client -connect localhost:8887 -CAfile=apache2/ssl/ca-cert.pem
   ...
   Verify return code: 0 (ok)

This is exactly the same server and cert that cause openssl 1.1 to fail.

-- 
Philip

Re: x509 AlgorithmIdentifier parameters

2018-02-03 Thread Philip Martin 
Philip Martin  writes:

> Philip Martin  writes:
>
>> In Marc's case getting a new server cert that is not RSASSA-PSS might be
>> the best solution.
>
> r1822996 fixes the x509 parser on trunk.  It doesn't mean that the
> client will be able to verify the RSASSA-PSS certs (you would need an
> OpenSSL fix for that) but it does allow a JavaHL client to accept the
> failure to verify.

Another data point: the behaviour varies between openssl 1.0 and openssl
1.1.  With openssl 1.1 the apache server will not even start when using
an RSASSA-PSS cert

  [Sat Feb 03 10:18:03.858279 2018] [ssl:emerg] [pid 2717:tid 139629607192448] 
SSL Library Error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md 
too weak

With openssl 1.0 the server does start.  I'm using openssl 1.1 to
generate the cert in both cases.

A client using openssl 1.0 will connect to a server serving the
RSASSA-PSS cert.  Clients using openssl 1.1 fail to verify cert.  The
underlying openssl 1.1 error appears to be

  $ openssl s_client -connect localhost:8887 -CAfile apache2/ssl/ca-cert.pem
  ...
  Verify return code: 68 (CA signature digest algorithm too weak)

This suggests that RSASSA-PSS is obsolete, but as I mentioned earlier in
the thread there are recent changes to the openssl project
adding/extending RSASSA-PSS support as part of TLS 1.3:

  https://github.com/openssl/openssl/issues/2878

-- 
Philip

Re: svn commit: r1822996 - in /subversion/trunk/subversion: libsvn_subr/x509parse.c tests/libsvn_subr/x509-test.c

2018-02-03 Thread Branko Čibej 
On 02.02.2018 19:27, phi...@apache.org wrote:
> Author: philip
> Date: Fri Feb  2 18:27:44 2018
> New Revision: 1822996
>
> URL: http://svn.apache.org/viewvc?rev=1822996=rev
> Log:
> Fix x509 parser to accept RSASSA-PSS certs by no longer assuming that
> algorithm parameters are NULL for all algorithms.  This change doesn't
> affect whether clients can verify RSASSA-PSS certs, that decision is
> delegated to OpenSSL, but it does allow JavaHL clients to accept a
> failure to verify such certs.

Backport for 1.10?

-- Brane