On Thu, Jan 14, 2021 at 02:37:20PM +0100, Robert Nagy wrote:
> On 14/01/21 14:27 +0100, Robert Nagy wrote:
> > On 14/01/21 14:20 +0100, Theo Buehler wrote:
> > > On Thu, Jan 14, 2021 at 01:32:41PM +0100, Matthieu Herrb wrote:
> > > > Hi,
> > > > 
> > > > I'm trying to debug strange behaviour changes with certificates on a
> > > > system after upgrading it from 6.7 to 6.8...
> > > > 
> > > > On 6.7, If I run :
> > > > 
> > > > openssl s_server -cert mycert.pem -key mykey.pem -CAfile CA.pem
> > > > 
> > > > then openssl s_client -showcerts -connect localhost:4433
> > > > 
> > > > returns the full certificate chain mycert->CA
> > > > 
> > > > With the same commands on 6.8, I don't get the CA certificate.
> > > > 
> > > > Is this a known issue, and how can I get the chain with 6.8 ?
> > > > 
> > > > (my real application is sendmail...)
> > > 
> > > In short: Yes, this is known. You can't get the chain in 6.8.
> > > 
> > > This is the reason why ajacoutot switched sendmail to link against
> > > eopenssl11 as a workaround in -stable. As your thread on ports shows,
> > > this workaround doesn't work if you add something that links against
> > > LibreSSL to the mix.
> > > 
> > > There are several layers of unexpected things/bugs involved. The two
> > > main points are:
> > > 
> > > 1. The TLSv1.3 server in 6.8 does not do auto chain since we hoped to
> > >    be able to avoid it. This was addressed post release when people
> > >    using OpenLDAP ran into it.
> > >    https://cvsweb.openbsd.org/src/lib/libssl/tls13_server.c#rev1.62
> > > 
> > > 2. The new verifier doesn't behave as it should when auto chain is
> > >    enabled. As a workaround -current switches to the legacy verifier in
> > >    this situation for about a week now. The proper fix in the new
> > >    verifier is under discussion.
> > >    https://cvsweb.openbsd.org/src/lib/libssl/tls13_server.c#rev1.65
> > > 
> > > I don't know whether/when there will be backports of some fixes to 6.8.
> > > As sthen said in the thread on ports, right now the simplest fix is to
> > > run -current.
> > > 
> > 
> > I think this should be an errata for 6.8

Not exactly sure what you mean by "this," but I emphatically agree,
errata are long overdue.  It would be desirable to avoid an outright
switch back to the legacy verifier if that's what you mean by the below.

> I am also getting this problem with bacula using TLS < 1.3, reported to Bob
> already, and I am currently running with the legacy verifier.

FWIW this is a different issue that was also addressed in -current.
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/x509/x509_verify.c#rev1.26
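As an added check for the symptom reported in this thread (not code from the thread or from LibreSSL), here is a small Python parser that reads `openssl s_client -showcerts` output and reports issuers covered by neither the presented chain nor the client's local trust anchors; both sample outputs are constructed to mirror the 6.7 and 6.8 behaviour described above, and the PEM bodies are placeholders.

```python
import re

# Constructed sample of `openssl s_client -showcerts` output matching the
# 6.7 behaviour described in the thread: leaf followed by its CA.
CHAIN_67 = """\
Certificate chain
 0 s:/CN=mycert
   i:/CN=CA
-----BEGIN CERTIFICATE-----
MIIB(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
 1 s:/CN=CA
   i:/CN=CA
-----BEGIN CERTIFICATE-----
MIIB(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
---
Server certificate
"""

# Constructed sample of the 6.8 behaviour: only the leaf is presented.
CHAIN_68 = """\
Certificate chain
 0 s:/CN=mycert
   i:/CN=CA
-----BEGIN CERTIFICATE-----
MIIB(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
---
Server certificate
"""

# One "N s:<subject>" line followed by its "i:<issuer>" line.
ENTRY_RE = re.compile(r"^\s*\d+ s:(.*)\n\s*i:(.*)$", re.MULTILINE)

def parse_chain(showcerts_output: str) -> list[tuple[str, str]]:
    """Return (subject, issuer) pairs in the order the server sent them."""
    return [(m.group(1).strip(), m.group(2).strip())
            for m in ENTRY_RE.finditer(showcerts_output)]

def chain_gaps(chain: list[tuple[str, str]], trust_anchors=()) -> list[str]:
    """Issuers covered by neither the presented chain nor the local trust
    anchors; a non-empty result is the missing-CA symptom from the thread."""
    subjects = {subject for subject, _ in chain}
    anchors = set(trust_anchors)
    return [issuer for subject, issuer in chain
            if issuer != subject and issuer not in subjects
            and issuer not in anchors]
```

Feed it the captured output of `openssl s_client -showcerts -connect host:port`; a client that already holds the CA can pass it as a trust anchor, which is why some peers keep working while others fail.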
