libcurl: OCSP stapling fails when SSL context is reused #12399

Closed
zinzila opened this issue Nov 24, 2023 · 1 comment
zinzila commented Nov 24, 2023

I did this

I've tried to reuse the SSL context of the easy handle for a TLS connection with OCSP stapling. When doing so, certificate status verification fails. The reason is that when a TLS session is reused, the OCSP response is not sent by the server, as required by the TLS specification.

The code to reproduce the issue (the server must support OCSP stapling) :

#include <stdio.h>
#include <curl/curl.h>

/* usage: ./ocsp_reuse <https-url> <ca-bundle.pem> */
int main(int argc, char* argv[])
{
    CURLcode ret;
    CURL* hnd;

    if(argc < 3) {
        fprintf(stderr, "usage: %s <url> <cafile>\n", argv[0]);
        return 1;
    }

    curl_global_init(CURL_GLOBAL_DEFAULT);
    fprintf(stdout, "libcurl version: %s\n", curl_version());

    hnd = curl_easy_init();
    if(!hnd) {
        curl_global_cleanup();
        return 1;
    }
    curl_easy_setopt(hnd, CURLOPT_URL, argv[1]);
    curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);

    // Self-signed certificate for testing
    curl_easy_setopt(hnd, CURLOPT_CAINFO, argv[2]);
    curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L);
    // Use OCSP
    curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYSTATUS, 1L);
    // do not reuse connection to force reuse of the SSL context
    curl_easy_setopt(hnd, CURLOPT_FORBID_REUSE, 1L);

    // first transfer: full TLS handshake, the server staples an OCSP response
    ret = curl_easy_perform(hnd);

    fprintf(stdout, "Curl call 1 completed with: %d - %s\n\n", ret, curl_easy_strerror(ret));

    // second transfer: new TCP connection, but the handle's session cache lets
    // OpenSSL resume the TLS session, so the server sends no CertificateStatus
    curl_easy_setopt(hnd, CURLOPT_URL, argv[1]);
    ret = curl_easy_perform(hnd);

    fprintf(stdout, "Curl call 2 completed with: %d - %s\n\n", ret, curl_easy_strerror(ret));

    curl_easy_cleanup(hnd);
    hnd = NULL;
    curl_global_cleanup();

    return (int)ret;
}

The output of the test code:
(Test server: Apache/2.4.58 (Unix) OpenSSL/3.0.11)

libcurl version: libcurl/8.4.0 OpenSSL/3.1.4 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.4 libpsl/0.21.2 (+libidn2/2.3.4) libssh2/1.11.0 nghttp2/1.58.0
*   Trying 172.19.0.2:443...
* Connected to 172.19.0.2 (172.19.0.2) port 443
* ALPN: curl offers h2,http/1.1
*  CAfile: ./etc/tp25poc.ca.crt
*  CApath: none
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: C=DE; OU=TDTP25 Test; CN=localhost
*  start date: Nov 24 08:23:09 2023 GMT
*  expire date: Nov 21 08:23:09 2033 GMT
*  issuer: C=DE; OU=TDTP25 Test; CN=TDTP25 Test Root CA
*  SSL certificate verify ok.
* SSL certificate status: good (0)
* old SSL session ID is stale, removing
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://172.19.0.2/teapot.php
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: 172.19.0.2]
* [HTTP/2] [1] [:path: /teapot.php]
* [HTTP/2] [1] [accept: */*]
> GET /teapot.php HTTP/2
Host: 172.19.0.2
Accept: */*

< HTTP/2 418 
< x-client: 172.19.0.1
< content-type: text/html; charset=UTF-8
< date: Fri, 24 Nov 2023 08:54:48 GMT
< server: Apache/2.4.58 (Unix) OpenSSL/3.0.11
< 
<html>
<h1>418 I'm a teapot</h1><br>
</html>
* Closing connection
Curl call 1 completed with: 0 - No error

* Hostname 172.19.0.2 was found in DNS cache
*   Trying 172.19.0.2:443...
* Connected to 172.19.0.2 (172.19.0.2) port 443
* ALPN: curl offers h2,http/1.1
* SSL reusing session ID
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: C=DE; OU=TDTP25 Test; CN=localhost
*  start date: Nov 24 08:23:09 2023 GMT
*  expire date: Nov 21 08:23:09 2033 GMT
*  issuer: C=DE; OU=TDTP25 Test; CN=TDTP25 Test Root CA
*  SSL certificate verify ok.
* No OCSP response received
* Closing connection
Curl call 2 completed with: 91 - SSL server certificate status verification FAILED

Here, for the second request, it is visible that the SSL context is reused; libcurl then tries to get the OCSP response from OpenSSL, but OpenSSL does not contain it any more.

I expected the following

The expectation is that when the SSL context is reused and the server agrees to restore the known TLS session, the OCSP status check is not performed.

curl/libcurl version

libcurl version: libcurl/8.4.0 OpenSSL/3.1.4 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.4 libpsl/0.21.2 (+libidn2/2.3.4) libssh2/1.11.0 nghttp2/1.58.0

operating system

Linux *** 6.1.62-1-MANJARO #1 SMP PREEMPT_DYNAMIC Thu Nov 9 03:01:44 UTC 2023 x86_64 GNU/Linux
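An added example, not code from this issue or from curl, showing the certificate-status policy the report expects: on a full handshake the stapled OCSP response is mandatory and must say good; on a resumed session there is no Certificate/CertificateStatus on the wire, so the check is skipped. It goes one step beyond what the thread asks for: the nextUpdate of the staple seen at the full handshake is remembered with the session, and a resumed session is refused once that revocation information has expired, so session reuse cannot quietly extend the revocation window. The structs, the session cache and the session_id key are assumptions standing in for what a real client would read via SSL_session_reused() and by parsing the blob from SSL_get_tlsext_status_ocsp_resp(); the value 91 only mirrors the CURLE_SSL_INVALIDCERTSTATUS code in the log above.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Result codes. STATUS_INVALID is 91 only to mirror the
 * CURLE_SSL_INVALIDCERTSTATUS value in the report; this is not libcurl code. */
enum status_result { STATUS_OK = 0, STATUS_INVALID = 91 };

enum ocsp_cert_status { OCSP_GOOD, OCSP_REVOKED, OCSP_UNKNOWN };

/* The fields of a stapled OCSP response the policy needs. In a real client
 * they come from parsing the DER blob the TLS library returns; here they are
 * supplied directly (assumption for this example). */
struct ocsp_staple {
    bool present;                 /* did the server send a CertificateStatus? */
    enum ocsp_cert_status status; /* certStatus of the server certificate */
    time_t next_update;           /* responder's nextUpdate, 0 if absent */
};

/* What the handshake reports. session_reused corresponds to what OpenSSL's
 * SSL_session_reused() returns; session_id is an opaque cache key (assumed). */
struct handshake_info {
    bool session_reused;
    const char *session_id;
    struct ocsp_staple staple;
};

/* Tiny client-side session cache: per session, until when the staple seen at
 * the full handshake stays valid. */
#define CACHE_SLOTS 8
#define SESSION_ID_MAX 64
struct session_entry {
    bool in_use;
    char session_id[SESSION_ID_MAX];
    time_t staple_valid_until;    /* 0 = responder gave no nextUpdate */
};
static struct session_entry cache[CACHE_SLOTS];

void cache_reset(void) { memset(cache, 0, sizeof cache); }

static struct session_entry *cache_find(const char *id)
{
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].in_use && strcmp(cache[i].session_id, id) == 0)
            return &cache[i];
    return NULL;
}

static void cache_store(const char *id, time_t valid_until)
{
    struct session_entry *e = cache_find(id);
    for (int i = 0; i < CACHE_SLOTS && !e; i++)
        if (!cache[i].in_use) e = &cache[i];
    if (!e) e = &cache[0];        /* cache full: evict slot 0 (simplistic) */
    e->in_use = true;
    snprintf(e->session_id, sizeof e->session_id, "%s", id);
    e->staple_valid_until = valid_until;
}

/* Certificate-status policy. Returns STATUS_OK or STATUS_INVALID. */
int verify_cert_status(const struct handshake_info *hs, time_t now)
{
    if (!hs->session_reused) {
        /* Full handshake: Certificate + CertificateStatus are on the wire, so
         * a missing or non-good staple is a hard failure; this is the
         * "No OCSP response received" case in the report. */
        if (!hs->staple.present || hs->staple.status != OCSP_GOOD)
            return STATUS_INVALID;
        if (hs->staple.next_update && now > hs->staple.next_update)
            return STATUS_INVALID;   /* staple already expired: refuse */
        cache_store(hs->session_id, hs->staple.next_update);
        return STATUS_OK;
    }

    /* Resumed session: nothing stapled to check. Accept only if this session
     * passed a full handshake, and only while that handshake's staple is valid. */
    const struct session_entry *e = cache_find(hs->session_id);
    if (!e)
        return STATUS_INVALID;        /* never verified: demand a full handshake */
    if (e->staple_valid_until && now > e->staple_valid_until)
        return STATUS_INVALID;        /* revocation info outlived: force full handshake */
    return STATUS_OK;
}

int main(void)
{
    const time_t t0 = 1700812800;    /* constructed: roughly 24 Nov 2023 */
    struct handshake_info full = {
        .session_reused = false, .session_id = "sess-A",
        .staple = { .present = true, .status = OCSP_GOOD, .next_update = t0 + 3600 }
    };
    struct handshake_info resumed = { .session_reused = true, .session_id = "sess-A" };

    cache_reset();
    printf("full handshake, good staple : %d\n", verify_cert_status(&full, t0));
    printf("resumed 10 min later        : %d\n", verify_cert_status(&resumed, t0 + 600));
    printf("resumed after staple expiry : %d\n", verify_cert_status(&resumed, t0 + 7200));
    return 0;
}
```

A real client would call verify_cert_status() once the handshake has completed and, on STATUS_INVALID for a resumed session, drop that session from its cache so the next connection performs a full handshake and receives a fresh staple.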

bagder (Member) commented Nov 27, 2023

Is something like #12418 working for you?

bagder closed this as completed in 395365a on Nov 28, 2023