[stunnel-users] Problem with the client certificate

Discussion:

(too old to reply)

Michael Renner

2008-12-27 19:56:08 UTC

Moin,

it seems that I understood something wrong with stunnel client certificates.
First of all: until now I run stunnel 4.18 and stunnel 4.21 with debian and
kubuntu without client certificates (with success). I use it to reach a
proprietary application through an untrusted network.

Now, I want the clients to authenticate against the server. Therefor, as a
quick and dirty test, I used the same stunnel.pem file at the server and at
the client side. The configuration at the server side (where the application
is waiting for connections, in this example it is just a script) looks like
this:
cert = /etc/stunnel/stunnel.pem
#chroot = /var/run/stunnel/
pid = /tmp/stunnel.pid
setuid = nobody
setgid = nogroup
output = /var/log/stunnel4.log
exec = /root/stest.sh
verify = 1
[BreakOut]
accept = 192.168.0.1:443

Here is the configuration at the client side, where a browser establish a
connection
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
verify = 0
debug = 7
output = /var/log/stunnel4/stunnel.log
client = yes
[BreakOut]
accept = 127.0.0.1:8080
connect = 192.168.0.1:443

First of all: is it right to set 'verify = 1' at the server side, and 'verify
= 0' at the client side? It seems right to me, because the client should
authenticate, but not the other way.

Anyhow: As soon as a connection is opened using this configuration it will
terminate at the same second.
***@mars:~$ telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

In the clients logfile I see
SSL state (connect): before/connect initialization
SSL state (connect): SSLv3 write client hello A
SSL state (connect): SSLv3 read server hello A
VERIFY IGNORE:
depth=0, /C=DE/ST=Germany/L=Munich/O=vbox4php/OU=stunnel/CN=boulder.vbox4php.org/emailAddress=***@gmx.de
VERIFY OK:
depth=0, /C=DE/ST=Germany/L=Munich/O=vbox4php/OU=stunnel/CN=boulder.vbox4php.org/emailAddress=***@gmx.de
VERIFY IGNORE:
depth=0, /C=DE/ST=Germany/L=Munich/O=vbox4php/OU=stunnel/CN=boulder.vbox4php.org/emailAddress=***@gmx.de
VERIFY OK:
depth=0, /C=DE/ST=Germany/L=Munich/O=vbox4php/OU=stunnel/CN=boulder.vbox4php.org/emailAddress=***@gmx.de
SSL state (connect): SSLv3 read server certificate A
SSL state (connect): SSLv3 read server certificate request A
SSL state (connect): SSLv3 read server done A
SSL state (connect): SSLv3 write client certificate A
SSL state (connect): SSLv3 write client key exchange A
SSL state (connect): SSLv3 write certificate verify A
SSL state (connect): SSLv3 write change cipher spec A
SSL state (connect): SSLv3 write finished A
SSL state (connect): SSLv3 flush data
SSL alert (read): fatal: bad certificate
SSL_connect: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad certificate
Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
BreakOut finished (0 left)

And, more interesting, at the server side:

BreakOut connected from 84.57.55.105:57987
VERIFY ERROR: depth=0, error=self signed
certificate: /C=DE/ST=Germany/L=Munich/O=vbox4php/OU=stunnel/CN=boulder.vbox4php.org/emailAddress=***@gmx.de
SSL_accept: 140890B2: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

Is something wrong with my self signed certificate? In my first tests I used
one that I made with tinyCA, an other was made according
http://www.stunnel.org/faq/certs.html:
* openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
* openssl gendh 512 >> stunnel.pem
* openssl rsa -in stunnel.pem -out new.pem
* edit new.pem, merge some parts with stunnel.pem and rename it

Any hint?

Thanks

Michael Renner

2008-12-31 17:02:16 UTC

Permalink

Hello,

Happy new year!

- key must belong to the user and have 0600 status (read only by the user)
- cert must belong to the user.

I think the permissions are OK. The file is owed by root and loaded at the
start
Wrote 1024 new random bytes to /root/.rnd
RAND_status claims sufficient entropy for the PRNG
PRNG seeded successfully
Certificate: /etc/stunnel/stunnelclient.pem
Certificate loaded
Key file: /etc/stunnel/stunnelclient.pem
Private key loaded
SSL context initialized for service BreakOut

* Is the content of the cert file of this form
-----BEGIN CERTIFICATE-----
certificate data here
-----END CERTIFICATE-----
?
and the content of the key file this form
-----BEGIN RSA PRIVATE KEY-----
key datat here
-----END RSA PRIVATE KEY-----

I made several files. According to http://www.stunnel.org/faq/certs.html#ToC5
I got a file with a certificate, a RSA Key and a DH section (I removed the
password for the certificate).

According to http://www.stunnel.org/examples/client_cert.html I got a
different file: it has a certificate and a RSA section and between them an
other section:

rcnyy/AbS1YPkdggJSnw+fqzg/L/QvQB6GTT5KWJzd0=
-----END RSA PRIVATE KEY-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Germany, L=Munich, O=vbox4php, OU=Rektorat,
CN=DE/emailAddress=***@gmx.de
Validity
Not Before: Dec 28 20:37:19 2008 GMT
Not After : Dec 28 20:37:19 2009 GMT
Subject: C=DE, ST=Germany, O=vbox4php, OU=stunnel,
CN=boulder.vbox4php.org/emailAddress=***@gmx.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b1:05:47:7a:27:4f:19:2b:18:72:e3:3c:f6:a6:
.
.
2b:55:2d:c9:dc:96:55:14:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
TinyCA Generated Certificate
X509v3 Subject Key Identifier:
86:F6:1F:71:29:AA:A5:61:DF:B2:81:F2:34:3A:A6:9E:58:C8:6A:5E
X509v3 Authority Key Identifier:

keyid:72:68:1A:0C:9D:E9:93:81:07:E9:36:71:75:33:05:C6:70:35:01:BF

DirName:/C=DE/ST=Germany/L=Munich/O=vbox4php/OU=Rektorat/CN=DE/emailAddress=***@gmx.de
serial:BC:97:82:4E:E3:9F:FE:5A

X509v3 Issuer Alternative Name:
email:***@gmx.de
X509v3 Subject Alternative Name:
email:***@gmx.de
Signature Algorithm: sha1WithRSAEncryption
49:ef:06:aa:e5:71:b1:6e:23:87:02:9d:ce:56:e1:3b:77:5a:
.
.
41:93:92:ee:57:23:95:f3:99:62:27:6a:a4:b7:85:b4:92:86:
22:50:79:a0
-----BEGIN CERTIFICATE-----

Anyhow: it fails:
2008.12.31 17:51:07 LOG4[13056:1073809760]: VERIFY ERROR: depth=0,
error=unable to get local issuer
certificate: /C=DE/ST=Germany/O=vbox4php/OU=stunnel/CN=boulder.vbox4php.org/emailAddress=***@gmx.de
2008.12.31 17:51:07 LOG3[13056:1073809760]: SSL_accept: 140890B2:
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
returned

With strace I can see the the key and the cert is OK on the client side: (I
assume that it is only read once):

[pid 11829] open("/etc/stunnel/stunnelserver.pem", O_RDONLY) = 4
[pid 11829] fstat(4, {st_mode=S_IFREG|0600, st_size=5521, ...}) = 0
[pid 11829] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x7f8f5f13b000
[pid 11829] read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 4096
[pid 11829] read(4, "VQQDEwJERTEkMCIGCSqGSIb3\nDQEJARY"..., 4096) = 1425
[pid 11829] read(4, "", 4096) = 0
[pid 11829] close(4) = 0
[pid 11829] munmap(0x7f8f5f13b000, 4096) = 0
[pid 11829] write(2, "2008.12.31 17:52:56 LOG7[11829:1"..., 682008.12.31
17:52:56 LOG7[11829:140253752059616]: Certificate loaded
) = 68
[pid 11829] write(2, "2008.12.31 17:52:56 LOG7[11829:1"..., 902008.12.31
17:52:56 LOG7[11829:140253752059616]: Key
file: /etc/stunnel/stunnelserver.pem
) = 90
[pid 11829] open("/etc/stunnel/stunnelserver.pem", O_RDONLY) = 4
[pid 11829] fstat(4, {st_mode=S_IFREG|0600, st_size=5521, ...}) = 0
[pid 11829] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x7f8f5f13b000
[pid 11829] read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 4096
[pid 11829] close(4) = 0
[pid 11829] munmap(0x7f8f5f13b000, 4096) = 0
[pid 11829] write(2, "2008.12.31 17:52:56 LOG7[11829:1"..., 682008.12.31
17:52:56 LOG7[11829:140253752059616]: Private key loaded

While I see in the clients logfile:
SSL state (connect): SSLv3 flush data
SSL alert (read): fatal: bad certificate
SSL_connect: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad certificate
Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

Strange!

One more hint?

Michael Renner

2008-12-31 17:36:17 UTC

Permalink

Post by Michael Renner

Hello,

Happy new year!

OK, one more experiment:

I installed libssl-dev to my debian box. There are 2 interesting files:
/usr/share/doc/libssl-dev/demos/sign/cert.pem
/usr/share/doc/libssl-dev/demos/sign/key.pem

I 'cat' them together and used this file as the server and the key file: same
result!

SSL alert (read): fatal: bad certificate
SSL_connect: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad certificate

Why?

Michael Renner

2009-01-03 21:45:06 UTC

Permalink

Well,
I think the problem comes from the CAfile, ie the cert used to verify the
other certs.

This is right. I thought that the CA file is not essential with verify depths
less than 2. It seems this was a mistake.
This time (yes, I use tinyCA), I made and used client- and server certificates
as well as the CA. Now it works.

Thanks for your help!

- your key (section ----BEGIN RSA PRIVATE KEY----- to ---END RSA...) in the
key file corresponding to key=file in config file.
- your certificate (section ----BEGIN CERTIFICATE ----- to ---END
CERTIFICATE...) in the cert file corresponding to cert=file in the config
file.
These files must exist for server and client since you want mutual
authentication.
For verifying the certificate, you need to put the client certificate
(autosigned) in the CAfile option of the server config file.
The same for the client : put the server certificate in the CAfile option
of the client config file.
on the server, the command 'openssl verify -CAfile client_cert.pem
client_cert.pem' should return ok
on the client, the command 'openssl verify -CAfile server_cert.pem
server_cert.pem' should return ok.
It can seem stupid but, as you have self-signed certificate, the CAfile is
the cert file.
If you use tinyCA, you can easily build your own CA with one CA cert and
several certs for clients or servers. Then, you would be able to have the
same CAfile on the client and on the server.
I hope this is clear enough. If not, write me back.

Post by Michael Renner

Hello,

Happy new year!

- key must belong to the user and have 0600 status (read only by the

user)

- cert must belong to the user.

I think the permissions are OK. The file is owed by root and loaded at
the start
Wrote 1024 new random bytes to /root/.rnd
RAND_status claims sufficient entropy for the PRNG
PRNG seeded successfully
Certificate: /etc/stunnel/stunnelclient.pem
Certificate loaded
Key file: /etc/stunnel/stunnelclient.pem
Private key loaded
SSL context initialized for service BreakOut

I made several files. According to
http://www.stunnel.org/faq/certs.html#ToC5
I got a file with a certificate, a RSA Key and a DH section (I removed
the password for the certificate).
According to http://www.stunnel.org/examples/client_cert.html I got a
different file: it has a certificate and a RSA section and between them
rcnyy/AbS1YPkdggJSnw+fqzg/L/QvQB6GTT5KWJzd0=
-----END RSA PRIVATE KEY-----
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Germany, L=Munich, O=vbox4php, OU=Rektorat,
Validity
Not Before: Dec 28 20:37:19 2008 GMT
Not After : Dec 28 20:37:19 2009 GMT
Subject: C=DE, ST=Germany, O=vbox4php, OU=stunnel,
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
.
.
2b:55:2d:c9:dc:96:55:14:bb
Exponent: 65537 (0x10001)
CA:FALSE
SSL Server
TinyCA Generated Certificate
86:F6:1F:71:29:AA:A5:61:DF:B2:81:F2:34:3A:A6:9E:58:C8:6A:5E X509v3
keyid:72:68:1A:0C:9D:E9:93:81:07:E9:36:71:75:33:05:C6:70:35:01:BF
DirName:/C=DE/ST=Germany/L=Munich/O=vbox4php/OU=Rektorat/CN=DE/emailAddre
serial:BC:97:82:4E:E3:9F:FE:5A
sha1WithRSAEncryption
.
.
22:50:79:a0
-----BEGIN CERTIFICATE-----
2008.12.31 17:51:07 LOG4[13056:1073809760]: VERIFY ERROR: depth=0,
error=unable to get local issuer
certificate: /C=DE/ST=Germany/O=vbox4php/OU=stunnel/CN=
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
returned
[pid 11829] open("/etc/stunnel/stunnelserver.pem", O_RDONLY) = 4
[pid 11829] fstat(4, {st_mode=S_IFREG|0600, st_size=5521, ...}) = 0
[pid 11829] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x7f8f5f13b000
[pid 11829] read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 4096
[pid 11829] read(4, "VQQDEwJERTEkMCIGCSqGSIb3\nDQEJARY"..., 4096) = 1425
[pid 11829] read(4, "", 4096) = 0
[pid 11829] close(4) = 0
[pid 11829] munmap(0x7f8f5f13b000, 4096) = 0
[pid 11829] write(2, "2008.12.31 17:52:56 LOG7[11829:1"..., 682008.12.31
17:52:56 LOG7[11829:140253752059616]: Certificate loaded
) = 68
[pid 11829] write(2, "2008.12.31 17:52:56 LOG7[11829:1"..., 902008.12.31
17:52:56 LOG7[11829:140253752059616]: Key
file: /etc/stunnel/stunnelserver.pem
) = 90
[pid 11829] open("/etc/stunnel/stunnelserver.pem", O_RDONLY) = 4
[pid 11829] fstat(4, {st_mode=S_IFREG|0600, st_size=5521, ...}) = 0
[pid 11829] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x7f8f5f13b000
[pid 11829] read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 4096
[pid 11829] close(4) = 0
[pid 11829] munmap(0x7f8f5f13b000, 4096) = 0
[pid 11829] write(2, "2008.12.31 17:52:56 LOG7[11829:1"..., 682008.12.31
17:52:56 LOG7[11829:140253752059616]: Private key loaded
SSL state (connect): SSLv3 flush data
SSL alert (read): fatal: bad certificate
SSL_connect: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3
alert
bad certificate
Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
Strange!
One more hint?
--
|D-81541 Munich Germany ICQ: #112280325 |
|Germany Don't drink as root! ESC:wq