httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 57600] New: Presence of SSLCACertificate causes root CA of server certificate to appear in the SSL handshake's server Certificate message
Date Wed, 18 Feb 2015 23:48:39 GMT

            Bug ID: 57600
           Summary: Presence of SSLCACertificate causes root CA of server
                    certificate to appear in the SSL handshake's server
                    Certificate message
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P5
         Component: mod_ssl

The following was reproduced with the latest available versions of the 2.2 and
2.4 branch at the time of writing, i.e. 2.2.29 and 2.4.12, compiled from source
on Ubuntu 14.04.

Assuming a working configuration that uses SSL server authentication only, with
the following certificate hierarchy:

Subject: CN=My CA
Issuer:  CN=My CA

Subject: CN=localhost
Issuer:  CN=My CA

Observed behaviour:
If the issuing CA of the SSL server certificate happens to also be contained in
either the file or directory specified by SSLCACertificateFile resp.
SSLCACertificatePath, then this CA certificate gets included into the SSL
handshake as part of the Certificate message that the server sends to present
its server certificate chain.

The mere presence of the SSLCACertificate{File,Path} directive is sufficient to
make this CA certificate appear in the handshake. It is not necessary to have
SSL client authentication enabled, i.e. it will still do this regardless of
whether you configure an SSLVerifyClient directive or not.

In concrete terms, if I configure:

SSLSessionCacheTimeout 300 
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCertificateFile "/home/vmuser/apache-rootcert-handshake/certs/localhost.pem"
SSLEngine On

Then as expected, the Certificate message in the SSL handshake contains only a
single certificate: the server certificate itself.

However, by adding the following line to the otherwise identical config:

SSLCACertificateFile "/home/vmuser/apache-rootcert-handshake/certs/ca/ca.pem"

The Certificate message in the SSL handshake now contains 2 certificates: the
server certificate and its issuing CA, i.e. CN=My CA.

Expected behaviour:
The SSLCACertificate{File,Path} directives should not affect the SSL
Certificate handshake message used for transmitting the server certificate's
chain -- especially not when client authentication is disabled, either
explicitly or by absence of the SSLVerifyClient directive.

In fact, I would prefer to specifically avoid sending along the root CA of the
server certificate or its chain. It's the client's job to validate the server
certificate chain against a trust anchor from its own trust store; sending it
along only enables potential client-side bugs to validate the certificate
against the root CA that was sent along in the handshake rather than against
its own trust store.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message