dovecot - Mar 2018 - Extra intermediate certificate when using ssl_alt_cert

> On 10 March 2018 at 15:20 John Fawcett <john at voipsupport.it>
wrote:
> 
> 
> On 10/03/18 14:06, Aki Tuomi wrote:
> >
> >> On 10 March 2018 at 14:49 John Fawcett < john at voipsupport.it
> >> <mailto:john at voipsupport.it>> wrote:
> >>
> >>
> >> On 08/03/18 18:43, Peter Linss wrote:
> >>> I just added an ECDSA certificate to my mail server using
> >>> ssl_alt_cert (the RSA certificate is specified by ssl_cert),
both
> >>> certificate files contain the certificate and a single
intermediate
> >>> (which currently happens to be the same intermediate from
Let?s
> >>> Encrypt).
> >>> When connecting to the server using either RSA or ECDSA
ciphers, the
> >>> server sends the proper certificate, but also sends two
> >>> intermediates. Apparently it?s reading the intermediate from
both
> >>> files and using both for all situations, rather than using
only the
> >>> intermediate in the RSA file for RSA certificates, and the
> >>> intermediate in the ECDSA file for ECDSA certificates. I
expect this
> >>> will be a bigger problem when Let?s Encrypt starts using ECDSA
> >>> intermediates.
> >>> Removing the intermediate from the ssl_alt_cert file solves
the
> >>> problem (but then doesn?t allow an ECDSA intermediate to be
specified).
> >> I believe that supplying multiple unrelated intermediate
certificates is
> >> an incorrect behaviour, though I don't know if this is a
problem that
> >> can be solved in Dovecot or has to be addressed in openssl itself.
> >>
> >> Do you get any issue in certificate validation in the client?
> >>
> >> John
> >
> > You sure your cert file does not contain unrelated certificates?
> > ---
> > Aki Tuomi
> 
> Aki
> 
> I'll leave Peter to respond about his cert files, but in the test I
did,
> each the ssl_cert and ssl_alt_cert each contained the server cert and
> the next cert in the chain. However, both intermediates were supplied
> whether using RSA or ECDSA.
> 
> John
>
I can confirm this behaviour. We'll look into it.

Aki

> On 10 March 2018 at 16:05 Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> 
> 
> 
> > On 10 March 2018 at 15:20 John Fawcett <john at voipsupport.it>
wrote:
> > 
> > 
> > On 10/03/18 14:06, Aki Tuomi wrote:
> > >
> > >> On 10 March 2018 at 14:49 John Fawcett < john at
voipsupport.it
> > >> <mailto:john at voipsupport.it>> wrote:
> > >>
> > >>
> > >> On 08/03/18 18:43, Peter Linss wrote:
> > >>> I just added an ECDSA certificate to my mail server using
> > >>> ssl_alt_cert (the RSA certificate is specified by
ssl_cert), both
> > >>> certificate files contain the certificate and a single
intermediate
> > >>> (which currently happens to be the same intermediate from
Let?s
> > >>> Encrypt).
> > >>> When connecting to the server using either RSA or ECDSA
ciphers, the
> > >>> server sends the proper certificate, but also sends two
> > >>> intermediates. Apparently it?s reading the intermediate
from both
> > >>> files and using both for all situations, rather than
using only the
> > >>> intermediate in the RSA file for RSA certificates, and
the
> > >>> intermediate in the ECDSA file for ECDSA certificates. I
expect this
> > >>> will be a bigger problem when Let?s Encrypt starts using
ECDSA
> > >>> intermediates.
> > >>> Removing the intermediate from the ssl_alt_cert file
solves the
> > >>> problem (but then doesn?t allow an ECDSA intermediate to
be specified).
> > >> I believe that supplying multiple unrelated intermediate
certificates is
> > >> an incorrect behaviour, though I don't know if this is a
problem that
> > >> can be solved in Dovecot or has to be addressed in openssl
itself.
> > >>
> > >> Do you get any issue in certificate validation in the client?
> > >>
> > >> John
> > >
> > > You sure your cert file does not contain unrelated certificates?
> > > ---
> > > Aki Tuomi
> > 
> > Aki
> > 
> > I'll leave Peter to respond about his cert files, but in the test
I did,
> > each the ssl_cert and ssl_alt_cert each contained the server cert and
> > the next cert in the chain. However, both intermediates were supplied
> > whether using RSA or ECDSA.
> > 
> > John
> >
> 
> I can confirm this behaviour. We'll look into it.
> 
> Aki
This appears to be slightly too difficult to fix for OpenSSL 1.0.0, but we can
fix this for 1.0.2 and later on next release.

Aki

> On 10 March 2018 at 16:53 Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> 
> 
> 
> > On 10 March 2018 at 16:05 Aki Tuomi <aki.tuomi at dovecot.fi>
wrote:
> > 
> > 
> > 
> > > On 10 March 2018 at 15:20 John Fawcett <john at
voipsupport.it> wrote:
> > > 
> > > 
> > > On 10/03/18 14:06, Aki Tuomi wrote:
> > > >
> > > >> On 10 March 2018 at 14:49 John Fawcett < john at
voipsupport.it
> > > >> <mailto:john at voipsupport.it>> wrote:
> > > >>
> > > >>
> > > >> On 08/03/18 18:43, Peter Linss wrote:
> > > >>> I just added an ECDSA certificate to my mail server
using
> > > >>> ssl_alt_cert (the RSA certificate is specified by
ssl_cert), both
> > > >>> certificate files contain the certificate and a
single intermediate
> > > >>> (which currently happens to be the same intermediate
from Let?s
> > > >>> Encrypt).
> > > >>> When connecting to the server using either RSA or
ECDSA ciphers, the
> > > >>> server sends the proper certificate, but also sends
two
> > > >>> intermediates. Apparently it?s reading the
intermediate from both
> > > >>> files and using both for all situations, rather than
using only the
> > > >>> intermediate in the RSA file for RSA certificates,
and the
> > > >>> intermediate in the ECDSA file for ECDSA
certificates. I expect this
> > > >>> will be a bigger problem when Let?s Encrypt starts
using ECDSA
> > > >>> intermediates.
> > > >>> Removing the intermediate from the ssl_alt_cert file
solves the
> > > >>> problem (but then doesn?t allow an ECDSA
intermediate to be specified).
> > > >> I believe that supplying multiple unrelated intermediate
certificates is
> > > >> an incorrect behaviour, though I don't know if this
is a problem that
> > > >> can be solved in Dovecot or has to be addressed in
openssl itself.
> > > >>
> > > >> Do you get any issue in certificate validation in the
client?
> > > >>
> > > >> John
> > > >
> > > > You sure your cert file does not contain unrelated
certificates?
> > > > ---
> > > > Aki Tuomi
> > > 
> > > Aki
> > > 
> > > I'll leave Peter to respond about his cert files, but in the
test I did,
> > > each the ssl_cert and ssl_alt_cert each contained the server cert
and
> > > the next cert in the chain. However, both intermediates were
supplied
> > > whether using RSA or ECDSA.
> > > 
> > > John
> > >
> > 
> > I can confirm this behaviour. We'll look into it.
> > 
> > Aki
> 
> This appears to be slightly too difficult to fix for OpenSSL 1.0.0, but we
can fix this for 1.0.2 and later on next release.
> 
> Aki
Sorry, target release 2.3.2, not 2.3.1.

Aki