Created attachment 175427 [details] s_client logs LibreSSL fails to verify certain root certificates (i.e. GeoTrust) when security/ca_root_nss is installed. This issue only appeared after security/libressl was updated to 2.4.3. The problem occurs whether or not -CAfile is added to the command line. Steps to replicate: 1) Install security/libressl and security/ca_root_nss from head ports tree. 2) Run /usr/local/bin/openssl s_client -connect encrypted.google.com:443
Attached logs don't seem to show the problem. tuner.pandora.com:443 does show this behavior > $ /usr/local/bin/openssl s_client -CAfile /etc/ssl/cert.pem -connect tuner.pandora.com:443 > CONNECTED(00000003) > depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 > verify error:num=20:unable to get local issuer certificate > verify return:0
*** Bug 213226 has been marked as a duplicate of this bug. ***
More details in #213226 which I closed as duplicate, libressl 2.4.3 works with ca_root_nss 3.26 for me, but not with 3.27. OpenSSL 1.02j works with either.
see https://github.com/libressl-portable/portable/issues/80 also.
(In reply to Bernard Spil from comment #1) My apologies, there are two attempts in the attached log. The first one (to Google) fails and the second one (to a FreeBSD mirror) succeeds.
I also have mxlb.ispgateway.de on port 25 with STARTTLS in SMTP that fails with libressl 2.4.3, but works with 10.3 base OpenSSL and GnuTLS 3.4.15. - install ca_root_nss 3.27.1, libressl 2.4.3 and gnutls 3.4.15 on FreeBSD 10.3 to see the below: /usr/local/bin/openssl s_client -verify 5 -CAfile /etc/ssl/cert.pem -connect mxlb.ispgateway.de:25 -starttls smtp => verify depth is 5 CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=20:unable to get local issuer certificate verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=27:certificate not trusted verify return:1 depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3 verify return:1 depth=0 OU = GT36639078, OU = See www.rapidssl.com/resources/cps (c)14, OU = Domain Control Validated - RapidSSL(R), CN = *.ispgateway.de verify return:1 --- Certificate chain 0 s:/OU=GT36639078/OU=See www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated - RapidSSL(R)/CN=*.ispgateway.de i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority --- Server certificate [...elided...] --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : DHE-RSA-AES256-GCM-SHA384 Session-ID: 8134793F242B58981FD229907B442E811A085C419453636C660D23050212C24A Session-ID-ctx: Master-Key: 1B43BBB0CD7BF678A07CC32500C3AC23E6BF993464F54243C7C1E841E836B7A2E1AE6B87C90918DE323931D25451281F TLS session ticket lifetime hint: 200 (seconds) TLS session ticket: 0000 - 95 fb bf 8a 32 e6 79 77-18 59 d1 d9 e8 5f 36 9a ....2.yw.Y..._6. 0010 - 1e 9c 3a 45 c1 6d 87 3b-60 c3 73 e3 04 0b d6 bb ..:E.m.;`.s..... 0020 - a2 a9 1f ef 24 d2 e2 c8-84 c5 09 b1 e0 6b 44 06 ....$........kD. 0030 - 99 c0 95 3e 16 98 89 10-3c 6b 30 46 5f 6a 26 20 ...>....<k0F_j& 0040 - 91 c8 1e 82 16 ae af 0b-53 7a df 99 4d 61 62 81 ........Sz..Mab. 0050 - 4b 5a a4 10 d1 26 b0 7b-1e 69 b5 7e 46 dd 94 c5 KZ...&.{.i.~F... 0060 - dc 2d 51 35 0c 1f be 14-d5 67 73 c7 3b fc ed dc .-Q5.....gs.;... 0070 - 3b 57 c5 1d d9 12 e3 a5-11 89 60 a4 4a 89 b0 b6 ;W........`.J... 0080 - 79 16 8a 59 de 80 88 1a-d1 2c 85 ac 19 c9 0a 58 y..Y.....,.....X 0090 - 38 3d 79 fe 36 60 25 e9-04 f9 1a 7f 08 7b 3d 42 8=y.6`%......{=B Start Time: 1477009932 Timeout : 300 (sec) Verify return code: 27 (certificate not trusted) [...] GnuTLS: # gnutls-cli --x509cafile /usr/local/share/certs/ca-root-nss.crt -p25 --starttls-proto smtp mxlb.ispgateway.de Processed 165 CA certificate(s). Resolving 'mxlb.ispgateway.de'... Connecting to '80.67.18.126:25'... - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate[0] info: - subject `OU=GT36639078,OU=See www.rapidssl.com/resources/cps (c)14,OU=Domain Control Validated - RapidSSL(R),CN=*.ispgateway.de', issuer `C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3', RSA key 2048 bits, signed using RSA-SHA256, activated `2015-04-23 08:23:06 UTC', expires `2017-03-31 16:25:15 UTC', SHA-1 fingerprint `5dd3be33375f0c290c5a3d2ec5b7b61ce87c771e' Public Key ID: 1ccade17c2d1c7164194cf414d1c762d9d6437f0 Public key's random art: [...elided...] - Certificate[1] info: - subject `C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3', issuer `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2014-08-29 21:39:32 UTC', expires `2022-05-20 21:39:32 UTC', SHA-1 fingerprint `0e34141846e7423d37f20dc0ab06c9bbd843dc24' - Certificate[2] info: - subject `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', issuer `C=US,O=Equifax,OU=Equifax Secure Certificate Authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2002-05-21 04:00:00 UTC', expires `2018-08-21 04:00:00 UTC', SHA-1 fingerprint `7359755c6df9a0abc3060bce369564c8ec4542a3' - Status: The certificate is trusted. - Description: (TLS1.2)-(RSA)-(AES-256-GCM) - Session ID: 6A:C8:4B:E2:3B:A3:D0:98:0E:08:52:E5:2C:B5:5A:CD:49:FF:C1:98:5A:2C:4E:5F:39:D1:E4:51:60:BF:76:B2 - Version: TLS1.2 - Key Exchange: RSA - Cipher: AES-256-GCM - MAC: AEAD - Compression: NULL - Options: safe renegotiation, - Handshake was completed - Simple Client Mode:
This bug is now fixed in security/libressl-devel (2.5.1) but still applies to security/libressl (2.4.5)
Any chance of security/libressl upgrading to 2.5.1 soon? It's unusable because of this issue.
*** Bug 215291 has been marked as a duplicate of this bug. ***
(In reply to David O'Rourke from comment #8) As soon as it's deemed stable upstream, security/libressl will be bumped to 2.5.1. Note that this will come at a cost, some ports depending on libcrypto/-ssl will experience failures.
This was fixed in the 2.5 branch. Current port is therefore fixed.