OCSP hash algorithm agility
Stefan Winter
stefan.winter at restena.lu
Wed Jan 11 10:35:47 CET 2017
And, for the record, if I use SHA1 name and key hashes, the result is as
expected:
Wed Jan 11 04:34:28 2017 : Debug: (5) eap_tls: Starting OCSP Request
Wed Jan 11 04:34:28 2017 : Debug: (5) eap_tls: ocsp: Using responder URL
"http://ocsp-test.hosted.eduroam.org:80/ticker/"
Wed Jan 11 04:34:28 2017 : Debug: Waking up in 0.4 seconds.
Wed Jan 11 04:34:28 2017 : Debug: Waking up in 0.7 seconds.
This Update: Jan 11 09:33:01 2017 GMT
Next Update: Jan 21 09:33:01 2017 GMT
Wed Jan 11 04:34:29 2017 : Debug: (5) eap_tls: ocsp: Cert status: good
Wed Jan 11 04:34:29 2017 : Debug: (5) eap_tls: ocsp: Certificate is valid
Stefan
Am 11.01.2017 um 10:30 schrieb Stefan Winter:
> Hi,
>
> I'm currently implementing an OCSP responder for use with EAP-TLS. I
> think I found a case of insufficient algorithm agility. Or I'm doing
> something wrong, hence my mail to the list here -can someone quickly
> confirm if I'm on the right track?
>
> I have a copy of the request FR 3.0.12 sends and the response I send back:
>
> [root at snf-734018 ticker]# openssl ocsp -reqin realrequest.der -req_text
> OCSP Request Data:
> Version: 1 (0x0)
> Requestor List:
> Certificate ID:
> Hash Algorithm: sha1
> Issuer Name Hash: DCEB2C72264239201A4A5DF547C78268A1CB33A2
> Issuer Key Hash: BC8DDD42F7B3B458E8ECEE403D21D404CEB9F2D0
> Serial Number: 0BA50D497E
> [root at snf-734018 ticker]# openssl ocsp -respin realresponse.der -resp_text
> OCSP Response Data:
> OCSP Response Status: successful (0x0)
> Response Type: Basic OCSP Response
> Version: 1 (0x0)
> Responder Id: O = eduroam, OU = eduroam-as-a-Service, CN =
> eduroam-as-a-Service Client Auth Issuing CA - Prototype
> Produced At: Jan 11 08:24:56 2017 GMT
> Responses:
> Certificate ID:
> Hash Algorithm: sha256
> Issuer Name Hash:
> 7A6CC4FC2F34491E91A8764D1F0990FB8FE02FE6FD64713AE4DCE0E731E5B508
> Issuer Key Hash:
> D9CE624ED036FD290E8BDA9A36107D40D37C41DF1BB268741157074D66B3C038
> Serial Number: 0BA50D497E
> Cert Status: good
> This Update: Jan 11 08:24:56 2017 GMT
> Next Update: Jan 21 08:24:56 2017 GMT
>
> Signature Algorithm: sha256WithRSAEncryption
>
> As can be seen, the request is about the same certificate (by serial),
> and the issuer and key are identical (I verified that out-of-band; it's
> my own CA and my own response generator. I am sure all is good.).
>
> But: FreeRADIUS sends the name and key hashes hashed with SHA1; my
> resonse does the hashes with SHA256.
>
> The result in debug mode is:
>
> Wed Jan 11 03:56:13 2017 : Debug: (54) eap_tls: Starting OCSP Request
> Wed Jan 11 03:56:13 2017 : Debug: (54) eap_tls: ocsp: Using responder
> URL "http://ocsp-test.hosted.eduroam.org:80/ticker/"
> Wed Jan 11 03:56:13 2017 : ERROR: (54) eap_tls: ocsp: No Status found
> Wed Jan 11 03:56:13 2017 : ERROR: (54) eap_tls: ocsp: Certificate has
> been expired/revoked
>
> The Status sits right there in the response: "Cert Status: good" but for
> some reason FR won't accept it.
>
> I believe it would be easy to fix this; calculate the name and key
> hashes for both algos and check if the response matches any one of those.
>
> I thought I could slap you with RFC6960's section 4.3: "Clients that
> request OCSP services SHALL be capable of processing responses signed
> using RSA with SHA-256 (identified by the sha256WithRSAEncryption OID
> specified in [RFC4055]). "
>
> but that one only pertains to the signature hash algorithm of the full
> response (which is sha256, and which does not seem to be the issue here).
>
> So, is all that correct?
>
> For the moment I will generate responses with SHA1 name and key hashes.
> But it feels like a step in the wrong direction.
>
> Greetings,
>
> Stefan Winter
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170111/ad823f35/attachment.sig>
More information about the Freeradius-Users
mailing list