Bug #3557
OCSP fails when response doesn't contain nonce
Start date:
Due date:
Estimated time:
Affected version:
5.9.0
Resolution:
Fixed
Description
In a recent version of strongswan, it introduced a feature that checks nonce in ocsp response, but if the ocsp server don't include nonce in the response, the ocsp verification will fail.
I guess that many public ocsp servers don't support such feature.
I've checked ocsp servers from letsencrypt and digicert, using openssl to manually verify the certificate, and you can see
WARNING: no nonce in response
OCSP Request Data: Version: 1 (0x0) Requestor List: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1 Serial Number: 0348310D5E6C7DC4B59E8A250E263ED65176 Request Extensions: OCSP Nonce: 04109C0EF92AE2F9A12D626DB36508297203 OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Produced At: Sep 1 18:01:00 2020 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1 Serial Number: 0348310D5E6C7DC4B59E8A250E263ED65176 Cert Status: good This Update: Sep 1 18:00:00 2020 GMT Next Update: Sep 8 18:00:00 2020 GMT Signature Algorithm: sha256WithRSAEncryption 38:dd:0e:8f:ff:ad:c3:26:4b:d9:c3:0c:87:bf:ed:d4:05:88: 2c:cb:45:e0:c4:b2:95:fd:f3:6d:76:0c:14:f7:c9:0b:65:1d: 83:a7:82:ed:90:22:d5:15:35:9d:fe:f4:6c:97:ca:2b:14:7a: 7a:a1:6f:35:db:cb:00:53:64:16:92:82:a2:44:b4:a6:46:9f: 1f:0e:ec:2f:9e:d5:9b:1c:30:38:2d:e8:ed:35:8b:50:5d:47: 41:35:f5:d7:c6:26:25:14:95:23:00:d8:c5:de:fd:f1:9a:42: 3f:84:29:98:38:88:44:5e:a0:f2:03:33:30:ed:ea:8d:4f:be: dd:97:12:2e:9b:e4:72:40:76:84:ac:48:93:ce:d1:e4:bc:1c: 79:36:50:e2:ea:f6:72:04:2e:36:b2:3f:7c:92:6d:bb:d0:b4: 15:98:a8:7f:79:b5:b0:db:e0:65:d9:04:5e:b4:87:d3:20:7a: a7:56:47:6e:55:ab:81:04:42:29:29:e8:af:db:23:07:aa:0d: d6:ae:96:22:d3:a8:32:58:4f:e7:b9:3f:e7:39:26:db:06:b3: 56:13:19:66:f9:9a:ae:f7:6a:fd:82:93:53:48:4f:6f:9c:4d: 05:dc:95:64:42:9b:24:d6:73:94:e5:bf:da:a2:db:1f:66:64: 4f:aa:43:a6 WARNING: no nonce in response Response verify OK certificate.pem: good This Update: Sep 1 18:00:00 2020 GMT Next Update: Sep 8 18:00:00 2020 GMT
root@debian10:/dev/shm# openssl ocsp -issuer chain.pem -cert certificate.pem -text -url http://ocsp.digicert.com OCSP Request Data: Version: 1 (0x0) Requestor List: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 105FA67A80089DB5279F35CE830B43889EA3C70D Issuer Key Hash: 0F80611C823161D52F28E78D4638B42CE1C6D9E2 Serial Number: 04FCA72B929357F526BD1965EA38997E Request Extensions: OCSP Nonce: 0410B80A7BC1993692F346B9B44358C6C203 OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: 0F80611C823161D52F28E78D4638B42CE1C6D9E2 Produced At: Sep 2 12:03:01 2020 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 105FA67A80089DB5279F35CE830B43889EA3C70D Issuer Key Hash: 0F80611C823161D52F28E78D4638B42CE1C6D9E2 Serial Number: 04FCA72B929357F526BD1965EA38997E Cert Status: good This Update: Sep 2 12:03:01 2020 GMT Next Update: Sep 9 11:18:01 2020 GMT Signature Algorithm: sha256WithRSAEncryption c0:a8:25:6a:71:4e:56:96:d7:fc:52:18:8c:62:f9:aa:7e:c0: 94:f7:d5:b2:f3:26:c9:5b:01:d8:88:55:0a:3b:b3:85:55:95: 29:f7:15:3a:ff:1d:75:3b:e4:76:dd:22:83:58:68:d5:f6:48: e0:48:a0:0d:46:79:9d:c4:cf:67:01:01:83:a1:83:9b:76:f3: 84:50:75:19:a9:9a:a0:cf:58:51:a7:93:74:20:da:6a:41:26: d0:2b:68:d5:23:98:74:a2:42:65:4f:1a:4d:a6:50:af:8c:0a: 34:51:29:58:10:d5:06:71:a9:ca:7f:44:15:8c:df:d0:4d:0d: 40:20:6c:91:ea:35:61:74:33:37:31:b1:f2:84:fe:5d:ea:b5: 76:41:75:cc:aa:a7:31:87:f2:f2:6d:5c:8d:16:50:9e:ea:8f: a4:13:68:c6:1d:d2:b7:4a:84:8a:ae:cc:a5:9a:f5:70:5d:3d: 2f:f7:40:a5:c4:2a:e7:2d:f0:62:9b:38:51:ea:47:78:f0:3f: 1c:4a:8d:e6:ab:63:f2:89:a1:aa:9d:15:9a:f2:b5:5b:0b:bf: 7f:0d:3f:f5:b8:e6:22:d2:7d:01:a1:34:c9:ec:66:eb:0c:4b: 43:d0:fe:2c:67:b8:76:64:fa:1a:db:ba:de:99:a3:1b:8b:45: 30:cb:42:90 WARNING: no nonce in response Response verify OK certificate.pem: good This Update: Sep 2 12:03:01 2020 GMT Next Update: Sep 9 11:18:01 2020 GMT
And relevant log when trying to initiate ike connection
[CFG] using certificate "CN=example.net" [CFG] using trusted intermediate ca certificate "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3" [CFG] checking certificate status of "CN=example.net" [CFG] requesting ocsp status from 'http://ocsp.int-x3.letsencrypt.org' ... [CFG] nonce in ocsp response doesn't match [CFG] ocsp check failed, fallback to crl [CFG] certificate status is not available [CFG] using trusted ca certificate "O=Digital Signature Trust Co., CN=DST Root CA X3" [CFG] checking certificate status of "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3" [CFG] requesting ocsp status from 'http://isrg.trustid.ocsp.identrust.com' ... [CFG] nonce in ocsp response doesn't match [CFG] ocsp check failed, fallback to crl [CFG] fetching crl from 'http://crl.identrust.com/DSTROOTCAX3CRL.crl' ... [CFG] using trusted certificate "O=Digital Signature Trust Co., CN=DST Root CA X3" [CFG] crl correctly signed by "O=Digital Signature Trust Co., CN=DST Root CA X3" [CFG] crl is valid: until Oct 01 03:40:12 2020 [CFG] certificate status is good [CFG] certificate policy 2.23.140.1.2.1 for 'CN=example.net' not allowed by trustchain, ignored [CFG] certificate policy 1.3.6.1.4.1.44947.1.1.1 for 'CN=example.net' not allowed by trustchain, ignored [CFG] reached self-signed root ca with a path length of 1 [IKE] authentication of 'example.net' with RSA_EMSA_PKCS1_SHA2_256 successful
History
#1 Updated by Tobias Brunner about 5 years ago
- Tracker changed from Issue to Bug
- Subject changed from OCSP Fails when response doesn't conatin nonce to OCSP fails when response doesn't contain nonce
- Category set to libstrongswan
- Status changed from New to Feedback
- Target version set to 5.9.1
There is already a fix in the ocsp-nonce branch.
#2 Updated by Sf W about 5 years ago
Thanks, didn't know about that, patched that one line code and now ocsp is working fine. Adding an option to strictly check nonce should be helpful for some users.
#3 Updated by Tobias Brunner almost 5 years ago
- Status changed from Feedback to Closed
- Assignee set to Tobias Brunner
- Resolution set to Fixed