Debian Bug report logs - #729555
lighttpd: SSL/SNI completely broken!

Package: lighttpd; Maintainer for lighttpd is Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>; Source for lighttpd is src:lighttpd.

Reported by: r.koebler@yahoo.de

Date: Thu, 14 Nov 2013 09:15:02 UTC

Severity: important

Found in versions lighttpd/1.4.31-4+deb7u1, lighttpd/1.4.33-1+nmu1

Report forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Thu, 14 Nov 2013 09:15:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to r.koebler@yahoo.de:
New Bug report received and forwarded. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Nov 2013 09:15:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: r.koebler@yahoo.de
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lighttpd: SSL/SNI completely broken!
Date: Thu, 14 Nov 2013 10:00:25 +0100
Package: lighttpd
Version: 1.4.31-4+deb7u1
Severity: important


The last "security update" completely broke SSL/SNI.
Before the update, SSL and SNI worked fine, but after the update, no more
SSL-connections are possible! Trying to connect to the lighttpd with SSL
results in timeouts (Firefox reports "The connection was interrupted"
after some time, wget times out with "Unable to establish SSL connection.").

The only message I could find in the logfiles, was:
"(connections.c.277) SSL: -1 5 32 Broken pipe"
 
-- System Information:
Debian Release: 6.0.8
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lighttpd depends on:
ii  libattr1               1:2.4.46-8        Extended attribute shared library
ii  libbz2-1.0             1.0.5-6+squeeze1  high-quality block-sorting file co
ii  libc6                  2.11.3-4          Embedded GNU C Library: Shared lib
ii  libfam0                2.7.0-17          Client library to control the FAM 
ii  libldap-2.4-2          2.4.23-7.3        OpenLDAP libraries
ii  libpcre3               1:8.30-5          Perl 5 Compatible Regular Expressi
ii  libssl1.0.0            1.0.1e-2          SSL shared libraries
ii  libterm-readline-perl- 1.0303-1          Perl implementation of Readline li
ii  lsb-base               3.2-23.2squeeze1  Linux Standard Base 3.2 init scrip
ii  mime-support           3.48-1            MIME files 'mime.types' & 'mailcap
ii  perl                   5.10.1-17squeeze6 Larry Wall's Practical Extraction 
ii  zlib1g                 1:1.2.3.4.dfsg-3  compression library - runtime

Versions of packages lighttpd recommends:
pn  spawn-fcgi                    <none>     (no description available)

Versions of packages lighttpd suggests:
pn  apache2-utils                 <none>     (no description available)
ii  openssl                       1.0.1e-2   Secure Socket Layer (SSL) binary a
pn  rrdtool                       <none>     (no description available)

-- Configuration Files:
/etc/lighttpd/lighttpd.conf changed [not included]
/etc/logrotate.d/lighttpd changed [not included]

-- no debconf information



Merged 729480 729555 Request was from Stefan Bühler <stbuehler@lighttpd.net> to control@bugs.debian.org. (Thu, 14 Nov 2013 10:54:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Thu, 14 Nov 2013 10:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stefan Bühler <stbuehler@lighttpd.net>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Nov 2013 10:57:04 GMT) Full text and rfc822 format available.

Message #12 received at 729555@bugs.debian.org (full text, mbox):

From: Stefan Bühler <stbuehler@lighttpd.net>
To: r.koebler@yahoo.de, 729555@bugs.debian.org
Subject: Re: Bug#729555: lighttpd: SSL/SNI completely broken!
Date: Thu, 14 Nov 2013 11:48:07 +0100
Hi,

I think this may be related to 729480, but I could be wrong (shouldn't
have merged so quickly, sorry).

On Thu, 14 Nov 2013 10:00:25 +0100
r.koebler@yahoo.de wrote:
> The last "security update" completely broke SSL/SNI.
> Before the update, SSL and SNI worked fine, but after the update, no
> more SSL-connections are possible! Trying to connect to the lighttpd
> with SSL results in timeouts (Firefox reports "The connection was
> interrupted" after some time, wget times out with "Unable to
> establish SSL connection.").
> 
> The only message I could find in the logfiles, was:
> "(connections.c.277) SSL: -1 5 32 Broken pipe"

I usually test my patches at least in the area they are made for. So
SSL (and SNI) is certainly not completely broken, as it worked for me.

So unless you share your config I don't see how I could help you if the
patch for 729480 doesn't fix your problem.

regards,
Stefan



Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Thu, 14 Nov 2013 11:57:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Roland Koebler <r.koebler@yahoo.de>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Nov 2013 11:57:09 GMT) Full text and rfc822 format available.

Message #17 received at 729555@bugs.debian.org (full text, mbox):

From: Roland Koebler <r.koebler@yahoo.de>
To: Stefan Bühler <stbuehler@lighttpd.net>
Cc: 729555@bugs.debian.org
Subject: Re: Bug#729555: lighttpd: SSL/SNI completely broken!
Date: Thu, 14 Nov 2013 12:48:04 +0100
Hi,

> I think this may be related to 729480, but I could be wrong (shouldn't
> have merged so quickly, sorry).
I don't know if it's related. It's certainly not the same, since I don't
use client certificates at all.

> I usually test my patches at least in the area they are made for. So
> SSL (and SNI) is certainly not completely broken, as it worked for me.
Hmm, here it *is* completely broken. I've attached a minimized config-file.
If the "$HTTP"-section or the "ssl.ca-file"-line is removed, I can
connect to lighttpd with SSL again; but if they are there, no
SSL-connections are possible.

The "solution" I found was to downgrade to 1.4.31-4:
  apt-get install lighttpd=1.4.31-4

regards,
Roland
[lighttpd.conf (text/plain, attachment)]

Disconnected #729555 from all other report(s). Request was from Stefan Bühler <stbuehler@lighttpd.net> to control@bugs.debian.org. (Thu, 14 Nov 2013 12:03:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Thu, 14 Nov 2013 12:21:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stefan Bühler <stbuehler@lighttpd.net>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Nov 2013 12:21:07 GMT) Full text and rfc822 format available.

Message #24 received at 729555@bugs.debian.org (full text, mbox):

From: Stefan Bühler <stbuehler@lighttpd.net>
To: Roland Koebler <r.koebler@yahoo.de>, 729555@bugs.debian.org
Subject: Re: Bug#729555: lighttpd: SSL/SNI completely broken!
Date: Thu, 14 Nov 2013 13:16:07 +0100
Hi,

On Thu, 14 Nov 2013 12:48:04 +0100
Roland Koebler <r.koebler@yahoo.de> wrote:

> Hmm, here it *is* completely broken. I've attached a minimized
> config-file. If the "$HTTP"-section or the "ssl.ca-file"-line is
> removed, I can connect to lighttpd with SSL again; but if they are
> there, no SSL-connections are possible.

let me just quote the config for reference:

$SERVER["socket"] == ":443" {
	ssl.engine = "enable"
	ssl.pemfile = "/etc/ssl/private/mycert.pem"
	ssl.ca-file = "/etc/ssl/private/mycert.ca"
}

$HTTP["host"] =~ "^(www\.)?example.com" {
	ssl.pemfile = "/etc/ssl/private/mycert2.pem"
	ssl.ca-file = "/etc/ssl/private/mycert2.ca"
}

and from
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt

>> Each SSL_CTX also gets loaded with all values for 
>> ssl.ca-file from all blocks in the config.

As only new openssl versions have X509_STORE and the api still looks
incomplete / broken, the ssl.ca-file certificates need to be preloaded
into all SSL_CTX (previously we had a SSL_CTX for each SNI host, but
that didn't work well - that was the basic problem behind the security
bug); if X509_STORE would work I could set it dynamically like the
pem file.


My guess is that the two private CAs you configured have a name
(Issuer/Subject) conflict; in that case openssl probably can't figure
out which one to use.

Can you confirm this?

This should probably be mentioned in debian/NEWS.

regards,
Stefan



Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Thu, 14 Nov 2013 13:45:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Roland Koebler <r.koebler@yahoo.de>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Nov 2013 13:45:04 GMT) Full text and rfc822 format available.

Message #29 received at 729555@bugs.debian.org (full text, mbox):

From: Roland Koebler <r.koebler@yahoo.de>
To: Stefan Bühler <stbuehler@lighttpd.net>
Cc: 729555@bugs.debian.org
Subject: Re: Bug#729555: lighttpd: SSL/SNI completely broken!
Date: Thu, 14 Nov 2013 14:41:32 +0100
Hi,

> As only new openssl versions have X509_STORE and the api still looks
> incomplete / broken, the ssl.ca-file certificates need to be preloaded
> into all SSL_CTX (previously we had a SSL_CTX for each SNI host, but
> that didn't work well - that was the basic problem behind the security
> bug); if X509_STORE would work I could set it dynamically like the
> pem file.
> 
> My guess is that the two private CAs you configured have a name
> (Issuer/Subject) conflict; in that case openssl probably can't figure
> out which one to use.
that sounds reasonable, since I now figured out that this only happens
with some pemfiles/ca-files. I have now examined the certificates in
my ca-files, and some have the same Issuer, but they all have different
Subjects.

But I've found a certificate in 2 ca-files, where:
Issuer of certificate in ca-file1 == Subject of certificate in ca-file2
Subject of certificate in ca-file1 == Issuer of certificate in ca-file2

If I remove one of the certificates from one file, I can connect with SSL again.
(But that's certainly no solution, since they are different certificates,
and the validation probably would fail, then.)


By the way, I get the following error from wget/OpenSSL when the
SSL-connection fails:

$ wget --no-check-certificate https://localhost
--2013-11-14 14:29:50--  https://localhost/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:443... connected.
OpenSSL: error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size
Unable to establish SSL connection.


> This should probably be mentioned in debian/NEWS.
Yes, definitely.
But only mentioning this problem does not really help; there should be
(a) some solution or (b) a warning, that this update maybe just broke
the SSL-connections, and that you should immediately test it and
maybe downgrade again.

And I think this is a *major* problem, since (as it seems) it breaks
SSL on all servers which use SNI and have two or more certificates from
the same issuer (or with a certificate of the same issuer in the
certificate-chain) -- which probably is *extremely* common.


regards,
Roland



Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Thu, 14 Nov 2013 14:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Nov 2013 14:33:04 GMT) Full text and rfc822 format available.

Message #34 received at 729555@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@debian.org>
To: 729555@bugs.debian.org
Cc: Roland Koebler <r.koebler@yahoo.de>
Subject: Re: lighttpd: SSL/SNI completely broken!
Date: Thu, 14 Nov 2013 15:28:48 +0100
On Thursday, 14 November 2013, 14:05:14, Roland Koebler wrote:
> Hi,
> 
> > I have packages with an updated patch from upstream for a different
> > ssl related regression (#729480). Unfortunately, I am at the moment
> > short of time to test it. If you could check if these packages fix
> > your regression, too, that would be a great help.
> 
> no, it does not fix the regression.
> 
> But I tried some more, and I noticed that this only occurs with some
> certificates, maybe only with some ca-files (or a combination of
> pemfiles and ca-files). Maybe the OpenSSL-error-message, wget
> returns (with both 1.4.31-4+deb7u1 and 7u2), can help:
> 
> $ wget --no-check-certificate https://localhost
> --2013-11-14 13:42:27--  https://localhost/
> Resolving localhost... 127.0.0.1
> Connecting to localhost|127.0.0.1|:443... connected.
> OpenSSL: error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size
> Unable to establish SSL connection.

Thank you very much for testing. Maybe someone else has time to debug 
this, or maybe I will have time tomorrow.

FTR, the packages with the fix from #729480 are at 
http://people.debian.org/~sf/729555/



Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Thu, 14 Nov 2013 16:03:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stefan Bühler <stbuehler@lighttpd.net>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Nov 2013 16:03:04 GMT) Full text and rfc822 format available.

Message #39 received at 729555@bugs.debian.org (full text, mbox):

From: Stefan Bühler <stbuehler@lighttpd.net>
To: Roland Koebler <r.koebler@yahoo.de>, 729555@bugs.debian.org
Subject: Re: Bug#729555: lighttpd: SSL/SNI completely broken!
Date: Thu, 14 Nov 2013 17:00:47 +0100
Hi,

On Thu, 14 Nov 2013 14:41:32 +0100
Roland Koebler <r.koebler@yahoo.de> wrote:
> > My guess is that the two private CAs you configured have a name
> > (Issuer/Subject) conflict; in that case openssl probably can't
> > figure out which one to use.
> that sounds reasonable, since I now figured out that this only happens
> with some pemfiles/ca-files. I have now examined the certificates in
> my ca-files, and some have the same Issuer, but they all have
> different Subjects.
> 
> But I've found a certificate in 2 ca-files, where:
> Issuer of certificate in ca-file1 == Subject of certificate in ca-file2
> Subject of certificate in ca-file1 == Issuer of certificate in ca-file2
> 
> If I remove one of the certificates from one file, I can connect with
> SSL again. (But that's certainly no solution, since they are
> different certificates, and the validation probably would fail, then.)

Let's name those two certs A and B, then
  A.Issuer = B.Subject
  B.Issuer = A.Subject

This is a loop. You also claim that the subjects don't overlap, so
these two are the top of the (intermediate) chain. This means that you
have subject names that overlap with "public" subject names (as you
assume those are already present in clients) of a root certificate
(which is usually self-signed, i.e. Subject == Issuer, which A and B are
not).

I'd say your setup was already broken.

> > This should probably be mentioned in debian/NEWS.
> Yes, definitely.
> But only mentioning this problem does not really help; there should be
> (a) some solution or (b) a warning, that this update maybe just broke
> the SSL-connections, and that you should immediately test it and
> maybe downgrade again.

If you care about your system you should always check it after updating
and have a monitoring solution that helps you, and probably a test
setup in your deployment :) (there is nothing wrong about mentioning it
ofc)

There is no "solution" apart from fixing your CA setup.

> And I think this is a *major* problem, since (as it seems) it breaks
> SSL on all servers which use SNI and have two or more certificates
> from the same issuer (or with a certificate of the same issuer in the
> certificate-chain) -- which probably is *extremely* common.

No; usually your ca-files can be merged without problems; if you have
certificates from the same issuer (as in "same certificate") they are
even identical.


We have been discussing this upstream, but still found no other "good"
solution. Theoretically we could allocate a SSL_CTX for each
combination of server socket and "sni block" (with a ssl.pemfile),
which *might* work, but would be a rather big change, and might break
even more, and also is not what we would want to have in the end
(wasting resources).

regards,
Stefan
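
The advice in this message and in Roland's reply before it (check every SNI name right after an update rather than waiting for users to report timeouts) is easy to automate. The following is an added example and not code from the lighttpd project or from anyone in this thread: it performs a TLS handshake against the server for each configured SNI name using Python's standard `ssl` module and turns the failure into a short status, recognising the `excessive message size` text that wget printed in this bug. The host name list, the `127.0.0.1:443` target and the status strings are assumptions for the example.

```python
import socket
import ssl

# Constructed list: substitute the host names from your $HTTP["host"] blocks.
SNI_NAMES = ["example.com", "www.example.com"]


def classify_error(exc):
    """Reduce a handshake failure to a short status string for the report."""
    text = str(exc)
    if "excessive message size" in text:
        # The OpenSSL error wget printed in this bug report: the client
        # rejected what the server sent, so inspect the ca-files first.
        return "handshake-failed: excessive message size (check ssl.ca-file contents)"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ssl.SSLError):
        return "handshake-failed: " + text
    if isinstance(exc, OSError):
        return "connect-failed: " + text
    return "error: " + text


def check_sni(host, port, server_name, timeout=5.0, verify=True):
    """Handshake with host:port while presenting server_name via SNI.
    Returns (status, common_name); common_name is None unless the status is
    'ok' and the peer certificate was verified."""
    ctx = ssl.create_default_context()
    if not verify:  # the wget --no-check-certificate case
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname sets the SNI extension and is also the name the
            # certificate is checked against, so connecting by IP is fine.
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                cert = tls.getpeercert() or {}
                rdns = cert.get("subject", ())
                subject = {k: v for rdn in rdns for k, v in rdn}
                return "ok", subject.get("commonName")
    except Exception as exc:
        return classify_error(exc), None


def check_all(host, port, names, **kwargs):
    """One (status, common_name) per SNI name; anything but 'ok' is a regression."""
    return {name: check_sni(host, port, name, **kwargs) for name in names}


if __name__ == "__main__":
    import sys
    results = check_all("127.0.0.1", 443, SNI_NAMES)
    for name, (status, cn) in results.items():
        print(f"{name}: {status}" + (f" (CN={cn})" if cn else ""))
    # Non-zero exit lets a deployment hook or monitoring job fail the update.
    sys.exit(0 if all(s == "ok" for s, _ in results.values()) else 1)
```

Run it from the machine that was just updated, once per socket that has `ssl.engine = "enable"`; a `timeout` for a name that worked before the update is the symptom this bug opened with, and the `excessive message size` status points at the merged ca-files rather than at the key or the socket configuration.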



Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Thu, 14 Nov 2013 17:45:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Roland Koebler <r.koebler@yahoo.de>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 14 Nov 2013 17:45:09 GMT) Full text and rfc822 format available.

Message #44 received at 729555@bugs.debian.org (full text, mbox):

From: Roland Koebler <r.koebler@yahoo.de>
To: Stefan Bühler <stbuehler@lighttpd.net>
Cc: 729555@bugs.debian.org
Subject: Re: Bug#729555: lighttpd: SSL/SNI completely broken!
Date: Thu, 14 Nov 2013 18:40:30 +0100
Hi,

> This is a loop.
yes and no: It's not exactly a loop, since the two certificates belong
to certificate-chains of two different certificates, in this case:

Cert1				signed by PositiveSSL CA 2
PositiveSSL CA 2		signed by AddTrust External CA Root
AddTrust External CA Root	signed by UTN - DATACorp SGC

Cert2				signed by EssentialSSL CA
EssentialSSL CA			signed by COMODO Certification Authority
COMODO Certification Authority	signed by UTN - DATACorp SGC
UTN - DATACorp SGC		signed by AddTrust External CA Root


And I don't see why it should be a problem when e.g. two authorities
sign each others certificates. So, even

Cert1 <- A <- B
Cert2 <- B <- A

shouldn't cause *any* problem. If this makes SSL of lighttpd break,
it's a serious lighttpd-bug.

And the wget/OpenSSL-error-message
"OpenSSL: error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size"
looks like lighttpd tries to send A and B multiple times...

(By the way: Why does lighttpd even detect such loops? The
lighttpd-config-file *exactly* defines ca-files for every SNI-domain, which
lighttpd should simply send to the client. I don't see why lighttpd wants to
be "smart" and analyzes these ca-files...)

> This means that you
> have subject names that overlap with "public" subject names (as you
> assume those are already present in clients) of a root certificate
Yes, there are names which *may* overlap with public subject names;
but this depends on the client. Maybe one of the
certificate-chain-certificates is not necessary for some clients, but it may
be necessary for other clients.

> I'd say your setup was already broken.
No, it's not. Except you want to forbid cross-signing (which obviously
exists, and is used even by root authorities).
But see below.

> If you care about your system you should always check it after updating
> and have a monitoring solution that helps you, and probably a test
> setup in your deployment :)
Yeah, that's how I found this bug. But I don't think everyone has an
identical test-system, and tests a "urgency=high" security-update
before.

> There is no "solution" apart from fixing your CA setup.
The CA setup isn't broken. The only thing I could do here, is to remove
"UTN - DATACorp SGC signed by AddTrust External CA Root" from the chain,
but then: What about clients which know "AddTrust External CA Root"
but don't know "UTN - DATACorp SGC"?
(And even if this works in this case, it may very well fail in others.)

> No; usually your ca-files can be merged without problems; if you have
> certificates from the same issuer (as in "same certificate") they are
> even identical.
No! There are *lots* of certificates which have the same issuer and
subject; without this, you wouldn't be able to update certificates!
Issuer + Subject + Validity is probably unique, but Issuer + Subject
is certainly not!

And setups like

Cert1 <- A(2008-2018) <- B
Cert2 <- A(2012-2022) <- B

are really really common.

> We have been discussing this upstream, but still found no other "good"
> solution. Theoretically we could allocate a SSL_CTX for each
> combination of server socket and "sni block" (with a ssl.pemfile),
> which *might* work, but would be a rather big change, and might break
> even more, and also is not what we would want to have in the end
> (wasting resources).
1.4.31-4 worked fine here.

I hope that I've misunderstood parts of your mail; but if you really
treat Issuer+Subject as unique, SNI in lighttpd is terribly broken.

I don't know the inner workings for lighttpd and the details of the
https-protocol, but why does lighttpd analyze the ca-files at all?
Couldn't it simply look into its config-file, and send out the ca-file
which belongs to the current pemfile?


regards,
Roland
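
To make the disagreement in this thread concrete: Stefan's message #24 says the updated package loads every `ssl.ca-file` from every block into each SSL_CTX, messages #29 and #39 trace the failure to two certificates whose Issuer and Subject point at each other, and the message above shows the two real chains involved. The following is an added example, not lighttpd or OpenSSL code: it models a certificate as (subject, issuer, serial), merges the per-block bundles into one pool the way the update does, and walks Issuer -> Subject links to build the chain that would be sent. The CA names are the ones Roland posted; the split into two files mirrors his config; the serial numbers and the status names are constructed. Beyond the thread's case it also shows the renewal situation Roland raises later (two distinct certificates with the same Subject and Issuer), reported as `ambiguous`.

```python
from collections import defaultdict, namedtuple

# A certificate reduced to the three fields that matter for chain building.
# Serial numbers are constructed so that two distinct certificates with the
# same Subject and Issuer (a renewal) can be told apart.
Cert = namedtuple("Cert", "subject issuer serial")

# Constructed model of the two intermediate chains Roland posted (CA names
# from the thread); one list per ssl.ca-file, as in his minimized config.
CA_FILE_1 = [
    Cert("PositiveSSL CA 2", "AddTrust External CA Root", 1),
    Cert("AddTrust External CA Root", "UTN - DATACorp SGC", 2),
]
CA_FILE_2 = [
    Cert("EssentialSSL CA", "COMODO Certification Authority", 3),
    Cert("COMODO Certification Authority", "UTN - DATACorp SGC", 4),
    Cert("UTN - DATACorp SGC", "AddTrust External CA Root", 5),
]


def merge_ca_files(*files):
    """Emulate the post-update behaviour: every ssl.ca-file from every block
    lands in one pool. Identical certificates collapse into one entry, which
    is why merging 'the same certificate' twice is harmless."""
    return {cert for f in files for cert in f}


def build_chain(leaf_issuer, pool):
    """Follow Issuer -> Subject links through the pool, the way a server picks
    the intermediates to send. Returns (chain, status); status is 'ok',
    'ambiguous' (distinct certificates share one Subject name, so the name
    alone cannot select the right one) or 'loop' (the links cycle back to a
    certificate already placed in the chain)."""
    by_subject = defaultdict(list)
    for cert in pool:
        by_subject[cert.subject].append(cert)
    chain, seen, name = [], set(), leaf_issuer
    while name in by_subject:
        candidates = by_subject[name]
        if len(candidates) > 1:
            return chain, "ambiguous"
        cert = candidates[0]
        if cert in seen:
            return chain, "loop"
        seen.add(cert)
        chain.append(cert)
        if cert.subject == cert.issuer:  # self-signed root: chain complete
            break
        name = cert.issuer
    # Reaching a name that is not in the pool is fine: the client is expected
    # to hold that root itself.
    return chain, "ok"


def check_merge(files, leaf_issuers):
    """Chain-building status for each leaf once all ca-files are merged; run
    this over a config before deploying a lighttpd that merges them."""
    merged = merge_ca_files(*files)
    return {leaf: build_chain(leaf, merged)[1] for leaf in leaf_issuers}


if __name__ == "__main__":
    leaves = ["PositiveSSL CA 2", "EssentialSSL CA"]
    print("separate files:", build_chain(leaves[0], set(CA_FILE_1))[1],
          build_chain(leaves[1], set(CA_FILE_2))[1])
    print("merged:", check_merge([CA_FILE_1, CA_FILE_2], leaves))
    # Roland's only workaround: drop the UTN-signed-by-AddTrust cross cert.
    trimmed = [c for c in CA_FILE_2 if c.serial != 5]
    print("merged, cross cert removed:", check_merge([CA_FILE_1, trimmed], leaves))
```

With each file on its own both chains build cleanly; once the files are merged, `AddTrust External CA Root` and `UTN - DATACorp SGC` each name the other as issuer and the walk cycles, matching Stefan's "loop". Removing the cross-signed `UTN - DATACorp SGC` certificate makes both chains build again, which is the trade-off Roland describes: clients that trust only `UTN - DATACorp SGC` lose the path to it.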



Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Fri, 15 Nov 2013 12:00:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stefan Bühler <stbuehler@lighttpd.net>:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Fri, 15 Nov 2013 12:00:08 GMT) Full text and rfc822 format available.

Message #49 received at 729555@bugs.debian.org (full text, mbox):

From: Stefan Bühler <stbuehler@lighttpd.net>
To: Roland Koebler <r.koebler@yahoo.de>, 729555@bugs.debian.org
Subject: Re: Bug#729555: lighttpd: SSL/SNI completely broken!
Date: Fri, 15 Nov 2013 12:56:54 +0100
Hi again.

The following is my own opinion, and does not reflect an upstream
consensus.

On Thu, 14 Nov 2013 18:40:30 +0100
Roland Koebler <r.koebler@yahoo.de> wrote:

> Hi,
> 
> > This is a loop.
> yes and no: It's not exactly a loop, since the two certificates belong
> to certificate-chains of two different certificates, in this case:
> 
> Cert1				signed by PositiveSSL CA 2
> PositiveSSL CA 2		signed by AddTrust External CA Root
> AddTrust External CA Root	signed by UTN - DATACorp SGC
> 
> Cert2				signed by EssentialSSL CA
> EssentialSSL CA			signed by COMODO Certification Authority
> COMODO Certification Authority	signed by UTN - DATACorp SGC
> UTN - DATACorp SGC		signed by AddTrust External CA Root
> 
> 
> And I don't see why it should be a problem when e.g. two authorities
> sign each others certificates. So, even
> 
> Cert1 <- A <- B
> Cert2 <- B <- A
> 
> shouldn't cause *any* problem.

I see now what you're using it for. I still think this is wrong, but I
also can understand you don't want to change it for compat reasons.

> If this makes SSL of lighttpd break, it's a serious lighttpd-bug.

If there would be an easy and good way of fixing it, I would have done
it. Sadly openssl is a f*** piece of shit, and I decided that I wasted
enough time with it.
(I also disagree with the attribute "serious".)

> (By the way: Why does lighttpd even detect such loops? The
> lighttpd-config-file *exactly* defines ca-files for every SNI-domain,
> which lighttpd should simply send to the client. I don't see why
> lighttpd wants to be "smart" and analyzes these ca-files...)

lighttpd doesn't give a shit about your ca-files. It just hands them over
to openssl. Though with the new patch *all* your ca-files end up in the
same SSL_CTX, which openssl cannot handle (although you can blame
openssl for the stupid API itself, at this stage this can't be fixed;
there is no way to decide which certificates to pick from the merged
ca-lists).

If you want to understand the inner workings of all this, read the
code. If you want to live a happy life, don't.


I still hold to the argument that CA loops are wrong. Cross-signing CA
in *one* direction is ok, but both ways is just wrong.
Pick one (or more) CAs to be at the top, and use cross-signed certs up
to it.


Perhaps someone comes up with a patch fixing your problem. Perhaps it
even gets fixed upstream. But I'm done with openssl - sorry for this.

regards,
Stefan



Merged 729480 729555 Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sat, 16 Nov 2013 22:33:04 GMT) Full text and rfc822 format available.

Marked as found in versions lighttpd/1.4.33-1+nmu1. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sat, 16 Nov 2013 22:42:05 GMT) Full text and rfc822 format available.

Severity set to 'serious' from 'important' Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sat, 16 Nov 2013 22:42:10 GMT) Full text and rfc822 format available.

Added tag(s) patch. Request was from Michael Gilbert <mgilbert@debian.org> to 729480-submit@bugs.debian.org. (Sat, 16 Nov 2013 22:51:06 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Michael Gilbert <mgilbert@debian.org> to 729480-submit@bugs.debian.org. (Sat, 16 Nov 2013 22:51:08 GMT) Full text and rfc822 format available.

Disconnected #729480 from all other report(s). Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 17 Nov 2013 00:15:06 GMT) Full text and rfc822 format available.

Severity set to 'important' from 'serious' Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 17 Nov 2013 00:30:05 GMT) Full text and rfc822 format available.

Removed tag(s) patch. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 17 Nov 2013 00:30:06 GMT) Full text and rfc822 format available.

Removed tag(s) pending. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 17 Nov 2013 00:30:07 GMT) Full text and rfc822 format available.

Reply sent to Stefan Fritsch <sf@debian.org>:
You have taken responsibility. (Thu, 28 Nov 2013 22:33:29 GMT) Full text and rfc822 format available.

Notification sent to r.koebler@yahoo.de:
Bug acknowledged by developer. (Thu, 28 Nov 2013 22:33:29 GMT) Full text and rfc822 format available.

Message #72 received at 729555-close@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@debian.org>
To: 729555-close@bugs.debian.org
Subject: Bug#729555: fixed in lighttpd 1.4.28-2+squeeze1.5
Date: Thu, 28 Nov 2013 22:32:33 +0000
Source: lighttpd
Source-Version: 1.4.28-2+squeeze1.5

We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 729555@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated lighttpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 14 Nov 2013 11:07:04 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav
Architecture: source all i386
Version: 1.4.28-2+squeeze1.5
Distribution: oldstable-security
Urgency: low
Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 lighttpd   - A fast webserver with minimal memory footprint
 lighttpd-doc - Documentation for lighttpd
 lighttpd-mod-cml - Cache meta language module for lighttpd
 lighttpd-mod-magnet - Control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 729480 729555
Changes: 
 lighttpd (1.4.28-2+squeeze1.5) oldstable-security; urgency=low
 .
   * Non-maintainer upload by the Security Team.
   * Fix regression introduced by fix for cve-2013-4508, related to client
     certificates and SNI. Closes: #729555, #729480
Checksums-Sha1: 
 e79fb8e034a5f9244817f6bcdc11ac9e44cad638 1676 lighttpd_1.4.28-2+squeeze1.5.dsc
 509a23fa34e4d2b03d67bec7b3cb436d886de9f2 35526 lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz
 b407af03ebba354f60148755f0b8dd478d9d36eb 64012 lighttpd-doc_1.4.28-2+squeeze1.5_all.deb
 2e1842ba0b6c4016ca31eacdd206c199863b0aae 276822 lighttpd_1.4.28-2+squeeze1.5_i386.deb
 09c3b01054f753d73f7eb38b915f256a1ee622fc 19238 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb
 2acf284248bb7ce8d8efc7ac0b066ed990ace92e 20776 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb
 51f733cfbe71d4ccbdabc9bc246cb4b2fd2996a7 23772 lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb
 597b2c5b95722b6f644a2afc3e75d2e98331d737 24784 lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb
 fd90be1d0995fcea022cd65cce7bf6caa598790e 31720 lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb
Checksums-Sha256: 
 ef00a8b7df9a5e780bda986c13cd7f6eb6bfacc285ab1e426834f506d9c70529 1676 lighttpd_1.4.28-2+squeeze1.5.dsc
 718dd85902aeca85218ebae554a0286f782576f7e2597f5aed871b8dcca5a7fc 35526 lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz
 a0ac49b568be83e5e6b9d4fbb3b5617cf6c5d4c1f9202e991b755fd0c205ad95 64012 lighttpd-doc_1.4.28-2+squeeze1.5_all.deb
 ae9016fbcf3d94b2ab4f92dafc7658dfe92b41b52420e162f1ecd7cf51a230f9 276822 lighttpd_1.4.28-2+squeeze1.5_i386.deb
 7659bcb2b2fc5b1aba372e547bf926979d90b08a8f8e2a67ec5f7460a9e89c43 19238 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb
 45a496b7f7bcdf79f3c5eaa7ad5454693835780c33a2b5b59b0833f0c6ce2fad 20776 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb
 12e0eb2413e9af29bc8afac167b3c964e2511ed04d7b8ac31cb178d8de79697b 23772 lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb
 42fe011a019f800648be41f6403dbdc6bc9ec366f83f16682ed802bf035c0232 24784 lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb
 e54609970bc0abe16a6ca7257f94a1247005cdf263f0fb7749c0428ef24145f6 31720 lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb
Files: 
 0f68e69ea5acbf3cb4fe9019823ef06d 1676 httpd optional lighttpd_1.4.28-2+squeeze1.5.dsc
 bdc45661b02e5d0e39f91395a0f04505 35526 httpd optional lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz
 6b2f600966ac44af880244b015b9a6b4 64012 doc optional lighttpd-doc_1.4.28-2+squeeze1.5_all.deb
 2625dcd339883b912a9292cbaf239b1b 276822 httpd optional lighttpd_1.4.28-2+squeeze1.5_i386.deb
 60185ea2f13a36808bad3b3a9e1cada1 19238 httpd optional lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb
 e33d260bb2837a283045d5b2e2bfa05c 20776 httpd optional lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb
 afe4a02265c89a02b5cf9ab8d4c9bf60 23772 httpd optional lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb
 a7d9ed96bd930363cf92920063f2ff94 24784 httpd optional lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb
 71f0637b6a3acda746dd02f0be55ac05 31720 httpd optional lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iD8DBQFShKKybxelr8HyTqQRAso6AKDHTJh55+ujX19R6dFizbXyWHtfSACfd3eR
b4GfoHUpBvZJrs6QsMj7mdg=
=GV+O
-----END PGP SIGNATURE-----




Reply sent to Stefan Fritsch <sf@debian.org>:
You have taken responsibility. (Thu, 05 Dec 2013 21:21:25 GMT) Full text and rfc822 format available.

Notification sent to r.koebler@yahoo.de:
Bug acknowledged by developer. (Thu, 05 Dec 2013 21:21:25 GMT) Full text and rfc822 format available.

Message #77 received at 729555-close@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@debian.org>
To: 729555-close@bugs.debian.org
Subject: Bug#729555: fixed in lighttpd 1.4.31-4+deb7u2
Date: Thu, 05 Dec 2013 21:17:19 +0000
Source: lighttpd
Source-Version: 1.4.31-4+deb7u2

We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 729555@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated lighttpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 14 Nov 2013 10:55:41 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav
Architecture: source i386 all
Version: 1.4.31-4+deb7u2
Distribution: stable-security
Urgency: high
Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 lighttpd   - fast webserver with minimal memory footprint
 lighttpd-doc - documentation for lighttpd
 lighttpd-mod-cml - cache meta language module for lighttpd
 lighttpd-mod-magnet - control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 729480 729555
Changes: 
 lighttpd (1.4.31-4+deb7u2) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix regression introduced by fix for cve-2013-4508, related to client
     certificates and SNI. Closes: #729555, #729480
Checksums-Sha1: 
 21937c02aad20e15b6b3462ca57f5d8745b73a85 2040 lighttpd_1.4.31-4+deb7u2.dsc
 11616c7aa7de721a07c316010aa970c4d19b6a8a 33310 lighttpd_1.4.31-4+deb7u2.debian.tar.gz
 38d6f15e2fc94a259122c1ba0eefd15a6aa9bbe0 297994 lighttpd_1.4.31-4+deb7u2_i386.deb
 202ec8cd938af46615c08249fb39747cd217fe82 64468 lighttpd-doc_1.4.31-4+deb7u2_all.deb
 77908b959660c3b28acc3f2c229417bd6df2b816 20104 lighttpd-mod-mysql-vhost_1.4.31-4+deb7u2_i386.deb
 bd7d20489b87af5045f02030699264f3434d9c13 21564 lighttpd-mod-trigger-b4-dl_1.4.31-4+deb7u2_i386.deb
 d6f02a954d0ae79cd79a69ab4c05c659eb6cd57a 25468 lighttpd-mod-cml_1.4.31-4+deb7u2_i386.deb
 3aa8f1f807064b717417d1adbb7941b1252cdd17 26434 lighttpd-mod-magnet_1.4.31-4+deb7u2_i386.deb
 bd3dbc06b1f27a6a733d055be8b8e3088dcfaffd 32694 lighttpd-mod-webdav_1.4.31-4+deb7u2_i386.deb
Checksums-Sha256: 
 e045f7869412025e4f0d94055ee7048ab103524819cf13da9e9b462b4eb9fbd5 2040 lighttpd_1.4.31-4+deb7u2.dsc
 d225e7f634fa80374b4610e134c767d911dac77da4b3556b84b603d0e938a4d9 33310 lighttpd_1.4.31-4+deb7u2.debian.tar.gz
 171c3d2849ff1b3a05f385c84f45d5f1d0aa570f0abbeff6365956376a885453 297994 lighttpd_1.4.31-4+deb7u2_i386.deb
 56f36c5831c4e5723f3d2f141d4eb58c44a4e0452d174e9d682820b9cc32a2a3 64468 lighttpd-doc_1.4.31-4+deb7u2_all.deb
 172ddc03da23b745002f274844518e1a5bf295067a8ee61c301942265d84aa27 20104 lighttpd-mod-mysql-vhost_1.4.31-4+deb7u2_i386.deb
 c177bf3ce4251f5ea5dacbdf86fff90b73d81aa309edfa524cef79437a2c47d1 21564 lighttpd-mod-trigger-b4-dl_1.4.31-4+deb7u2_i386.deb
 247d664c5ec9185c0bfe001c13b69f147fd6a35fde8b4ad40192e82c71611ced 25468 lighttpd-mod-cml_1.4.31-4+deb7u2_i386.deb
 1320a068239840bb7a537484fc807c0f0b69f7a0776d21cab0be669a048a85fa 26434 lighttpd-mod-magnet_1.4.31-4+deb7u2_i386.deb
 8754bcccaeaca96ec7b5c31c59e15c21e27fd1c86bb4fd659fdb89d136e3503c 32694 lighttpd-mod-webdav_1.4.31-4+deb7u2_i386.deb
Files: 
 a8323e59728abfab9aada0e14550e16f 2040 httpd optional lighttpd_1.4.31-4+deb7u2.dsc
 961b3e3f674d7cacfafe8c6fe5fd4fed 33310 httpd optional lighttpd_1.4.31-4+deb7u2.debian.tar.gz
 5bd7eeed328a17f48f53a5196cf4f13a 297994 httpd optional lighttpd_1.4.31-4+deb7u2_i386.deb
 aaea994808cc5434c83b664c16606345 64468 doc optional lighttpd-doc_1.4.31-4+deb7u2_all.deb
 1fff33bb6d6351323ad7dafc37871318 20104 httpd optional lighttpd-mod-mysql-vhost_1.4.31-4+deb7u2_i386.deb
 f037a035678193efc8b085efc2c2938d 21564 httpd optional lighttpd-mod-trigger-b4-dl_1.4.31-4+deb7u2_i386.deb
 182f0d21feaf3c046ca1eb70f7a3aeb5 25468 httpd optional lighttpd-mod-cml_1.4.31-4+deb7u2_i386.deb
 4a8b4f414b29553298e8fbfea6ccfabb 26434 httpd optional lighttpd-mod-magnet_1.4.31-4+deb7u2_i386.deb
 9518407cd79fbefc283d4f5ce71dc41f 32694 httpd optional lighttpd-mod-webdav_1.4.31-4+deb7u2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iD8DBQFShKLpbxelr8HyTqQRAsgAAJ9OHoHxh55UTnANLJaf0gjF49f5XACgkrBr
Iwc6oRCSjaRiNHj4PdrsegI=
=iuwe
-----END PGP SIGNATURE-----




Bug reopened Request was from Roland Koebler <r.koebler@yahoo.de> to control@bugs.debian.org. (Thu, 05 Dec 2013 21:54:04 GMT) Full text and rfc822 format available.

No longer marked as fixed in versions lighttpd/1.4.31-4+deb7u2 and lighttpd/1.4.28-2+squeeze1.5. Request was from Roland Koebler <r.koebler@yahoo.de> to control@bugs.debian.org. (Thu, 05 Dec 2013 21:54:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#729555; Package lighttpd. (Fri, 06 Dec 2013 09:48:22 GMT) Full text and rfc822 format available.

Acknowledgement sent to r.koebler@yahoo.de:
Extra info received and forwarded to list. Copy sent to Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Fri, 06 Dec 2013 09:48:22 GMT) Full text and rfc822 format available.

Message #86 received at 729555@bugs.debian.org (full text, mbox):

From: r.koebler@yahoo.de
To: 729555@bugs.debian.org
Subject: Bug#729555: NOT fixed in lighttpd 1.4.28-2+squeeze1.5/1.4.31-4+deb7u2
Date: Fri, 6 Dec 2013 10:47:56 +0100
Hi,

the new versions (1.4.28-2+squeeze1.5, 1.4.31-4+deb7u2) do *not* fix 
this problem at all. So, I'm reopening this bug.


regards,
Roland





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 01:15:28 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.