OCSP stapling in v3.1.x

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Apr 26 00:49:44 CEST 2016


v3.1.x now supports OCSP stapling (for the server cert).  By default (when stapling is enabled) it'll query the OCSP server every time a TLS client includes the TLS stapling extension, but as with OCSP verification in v3.1.x, the results (and now the OCSP response itself) can be cached.

This should work both for EAP-TLS based methods (TLS, PEAP, TTLS) and for RADSEC.

FR OCSP common code adds TLS-OCSP-Next-Update when a nextUpdate time is provided, which you can use to set the correct expiry time in rlm_cache.  This matters more for OCSP stapling than for client cert verification.

Also fixed up raddb/certs to generate an OCSP responder cert with the correct extensions.

openssl ocsp -index ./certs/index.txt -port 8888 -CA ./certs/ca.pem -rsigner ./certs/ocsp.pem -rkey ./certs/ocsp.key

If you want to try it out...

AFAICT there's no support in OSX, and there's no toggle (but possibly support?) in Windows 10, but wpa_supplicant definitely supports it:

# ocsp: Whether to use/require OCSP to check server certificate
#	0 = do not use OCSP stapling (TLS certificate status extension)
#	1 = try to use OCSP stapling, but not require response
#	2 = require valid OCSP stapling response
#	3 = require valid OCSP stapling response for all not-trusted
#	    certificates in the server certificate chain

Currently the OCSP server's responses are validated using the same ca_file and ca_path as everything else.

If anyone feels strongly that we should initialize a different X509_STORE for validating the staple and client cert OCSP responses, and can see that being used in the wild, then let me know and we can add it.

-Arran

(3,1)      eap_tls - Handshake state - before/accept initialization
(3,1)      eap_tls - Handshake state - Server before/accept initialization
(3,1)      eap_tls - <<< recv handshake [length 307], client_hello
(3,1)      eap_tls - Using responder URL "http://127.0.0.1:8888/"
(3,1)      eap_tls - OCSP response valid from:
(3,1)      eap_tls -   Apr 25 21:46:39 2016 GMT
(3,1)      eap_tls - Update time not provided.  Not adding &TLS-OCSP-Next-Update
(3,1)      eap_tls - Cert status: good
(3,1)      eap_tls - Certificate is valid
(3,1)      eap_tls - Serializing OCSP response
(3,1)      eap_tls -   &TLS-OCSP-Response := ...
(3,1)      eap_tls - Adding OCSP stapling extension

CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.org/CN=Example Certificate Authority' hash=bd3c25ffa2f6bbd0d7745a1c78b9fd230edae367bb5d1723b6022b21694eecab
EAP: Status notification: remote certificate verification (param=success)
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin@example.org'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin@example.org' hash=e0d60e48d4750ec264f2dffac96bc62c7a0ce36cf4a5610dc3fd9ed213a36634
EAP: Status notification: remote certificate verification (param=success)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 06 1c
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate status)
...
OpenSSL: OCSP Response
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = FR, ST = Radius, O = Example Inc., CN = Example OCSP Responder Certificate, emailAddress = admin@example.org
    Produced At: Apr 25 21:46:39 2016 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 2B9F8F4A12CAA123868F7B710F2BC60E92821AC5
      Issuer Key Hash: AAB3E9B947C2A991C16779B84375D237B77CB5A9
      Serial Number: 01
    Cert Status: good
    This Update: Apr 25 21:46:39 2016 GMT

    Response Extensions:
        OCSP Nonce:
            0408ED50078B41A040B6
...
OpenSSL: OCSP response verification succeeded
OpenSSL: OCSP status for server certificate: good
SSL: (where=0x1001 ret=0x1)
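As an added example (not code from this post or from FreeRADIUS), here is the expiry logic the TLS-OCSP-Next-Update paragraph above implies, in Python: parse the text form of a responder answer like the one dumped above and work out how long a cached staple may live, falling back to a fixed TTL when, as in the debug output above, no nextUpdate time was provided. DEFAULT_TTL, the helper names and the sample dumps are assumptions constructed for this example.

```python
import re
from datetime import datetime, timezone

# Timestamp format printed by `openssl ocsp -resp_text`, e.g. "Apr 25 21:46:39 2016 GMT"
OPENSSL_TIME = "%b %d %H:%M:%S %Y GMT"
# Fallback TTL in seconds when the responder omits nextUpdate (value chosen for this example)
DEFAULT_TTL = 300


def _field(text, label):
    """Return the value of a 'Label: value' line in the response dump, or None."""
    m = re.search(r"^\s*" + re.escape(label) + r":\s*(.+?)\s*$", text, re.M)
    return m.group(1) if m else None


def _when(value):
    return datetime.strptime(value, OPENSSL_TIME).replace(tzinfo=timezone.utc)


def parse_ocsp_text(text):
    """Pull cert status, thisUpdate and the optional nextUpdate out of the dump."""
    status = _field(text, "Cert Status")
    this_update = _field(text, "This Update")
    if status is None or this_update is None:
        raise ValueError("not an OCSP response dump")
    next_update = _field(text, "Next Update")
    return {"status": status,
            "this_update": _when(this_update),
            "next_update": _when(next_update) if next_update else None}


def cache_ttl(resp, now):
    """Seconds a cached staple should live: until nextUpdate when the responder
    gave one, DEFAULT_TTL when it did not, and 0 (do not cache) unless the
    status is good, so a revoked/unknown answer is never served from cache."""
    if resp["status"] != "good":
        return 0
    if resp["next_update"] is None:
        return DEFAULT_TTL
    return max(0, int((resp["next_update"] - now).total_seconds()))


# Constructed sample shaped like the responder output in the post: no Next Update line.
SAMPLE_NO_NEXT = """\
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good
    This Update: Apr 25 21:46:39 2016 GMT
"""
# Constructed sample for a responder that does add nextUpdate (one day later).
SAMPLE_WITH_NEXT = SAMPLE_NO_NEXT + "    Next Update: Apr 26 21:46:39 2016 GMT\n"

if __name__ == "__main__":
    for dump in (SAMPLE_NO_NEXT, SAMPLE_WITH_NEXT):
        r = parse_ocsp_text(dump)
        print(r["status"], cache_ttl(r, r["this_update"]))
```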
