On 6 Dec 2018, at 23:03, Marcionelli Michele <***@math.ethz.ch<mailto:***@math.ethz.ch>> wrote:


On 6 Dec 2018, at 22:27, Ralph Mitchell <***@gmail.com<mailto:***@gmail.com>> wrote:

On Thu, Dec 6, 2018 at 4:22 PM Marcionelli Michele <***@math.ethz.ch<mailto:***@math.ethz.ch>> wrote:
Hej,

I wrote a kind of link-checker in bash using curl and sometimes the check fails - I think - because an incomplete certificate chain. But with a browser the certificate looks good.


For instance this fails on a Fedora 29 (and also on CentOS 6, 7, Fedora 28 & CentOS 6 with self compiled curl 7.62.0):

# curl -v https://www.math.ias.edu<https://www.math.ias.edu/>

* Rebuilt URL to: https://www.math.ias.edu/
* Trying 192.16.204.152...
* TCP_NODELAY set
* Connected to www.math.ias.edu<http://www.math.ias.edu/> (192.16.204.152) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate

# curl --version

curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1 zlib/1.2.11 brotli/1.0.5 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh/0.8.5/openssl/zlib nghttp2/1.34.0
Release-Date: 2018-09-05
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz brotli TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL Metalink


The same command works on my Mac with OS X 10.13.6:

# curl -v https://www.math.ias.edu<https://www.math.ias.edu/>

* Rebuilt URL to: https://www.math.ias.edu/
* Trying 192.16.204.152...
* TCP_NODELAY set
* Connected to www.math.ias.edu<http://www.math.ias.edu/> (192.16.204.152) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; postalCode=08540; ST=New Jersey; L=Princeton; street=1 Einstein Drive; O=Institute for Advanced Study; OU=School of Mathematics; CN=*.math.ias.edu<http://math.ias.edu/>
* start date: Mar 15 00:00:00 2018 GMT
* expire date: Mar 15 23:59:59 2019 GMT
* subjectAltName: host "www.math.ias.edu<http://www.math.ias.edu/>" matched cert's "*.math.ias.edu<http://math.ias.edu/>"
* issuer: C=US; ST=MI; L=Ann Arbor; O=Internet2; OU=InCommon; CN=InCommon RSA Server CA
* SSL certificate verify ok.

# curl --version

curl 7.54.0 (x86_64-apple-darwin17.0) libcurl/7.54.0 LibreSSL/2.0.20 zlib/1.2.11 nghttp2/1.24.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy


Has someone any Idea why in the first case it fails?
Why in the second case it works?
And most important for me what can I do the run a successfully check on CentOS/Fedora?

Bests,
Michele

PS: I also copied my Mac /etc/ssl/cert.pem to Linux, without positive effect...

In Fedora 29, you're not using the /etc/ssl/cert.pem:

* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt

Try it as:

curl -v --capath /etc/ssl/cert.pem https://www.math.ias.edu<https://www.math.ias.edu/>

Ralph Mitchell

Sorry, in my "PS" when I said, that I hadn't success, I already tried the option "--capath ~/cert.pem". Here the result

* Rebuilt URL to: https://www.math.ias.edu/
* Trying 192.16.204.152...
* TCP_NODELAY set
* Connected to www.math.ias.edu<http://www.math.ias.edu/> (192.16.204.152) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: /home/****/cert.pem
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate

Sorry... actually I tried with "--cacert ~/cert.pem":

* Trying 192.16.204.152...
* TCP_NODELAY set
* Connected to www.math.ias.edu<http://www.math.ias.edu> (192.16.204.152) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /home/****/cert.pem
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate

Please pardon the top reply. My mobile email doesn’t easily do inline or bottom reply.

Clients (relying parties) have 3 ways to build the certificate trust chain during path validation:
1. The server (more generally, the entity at the other end) sends the entire chain in the packet with its TLS cert. If so, the client only needs to have the root certificate in it’s trust store.

2. The client trust store can have all necessary CA certificates in the trust store.

3. The intermediate CA cert(s) can be retrieved from the AIA. The root cert should also be available from the AIA (possibly of the intermediate CA certificate) but trust will still fail if the root is not in the trust store.

Many sites have useless AIA links that either don’t have the cert(s), aren’t reachable, or don’t exist. This is a common misconfiguration.

Firefox also allows explicitly trusting a TLS cert without the root. Once done, the server cert section of the Firefox trust store will have the server cert available.

Either Firefox, Chrome, or IE will allow you to examine and export/save all certs needed for the current connection. Start by clicking the padlock in the address bar.

It is likely the browser is working from an entirely different trust store. In the output below, curl is using:
/etc/ssl/cert.pem
With OpenSSL or the windows crypto tools, you can examine cert.pem (which could be a pem-formatted single cert or a P7B file containing many certain. If it doesn’t have the whole chain, locate the missing cert(s) and add them (if it’s already a P7B file). If it’s a single cert, create a P7B file with OpenSSL crl2p7b it the Windows tools. Then point curl to it.

I think curl can be compiled to use Firefox (Mozilla NSS) and Microsoft CNG trust stores also, but it’s been years since I did any of that. I recall it being much worse easier to create the P7B file. MS certmgr.msc can export its entire trusted intermediate CA certificate and trusted root certificate stores. I think Firefox can too. With MS, you have to make 2 exports and merge them later, if I recall correctly. Once you have one P7B file (really just another bucket format similar to a tar file) MS should let you double click the file and add/export certs via GUI tools.

OpenSSL can create, export from, and add to P7B files.

With all that said, the example below shows successful verification. The TLS protocol agreement appears to have failed.
This is probably from a server using older protocols than the client or vice-versa.

OpenSSL sclient is also a valuable tool for examining trust chains and protocols.


I hope this helps,
Von