The Moose and Squirrel Files

October 26, 2008

Debugging SSL/TLS Certificate Operations with OpenSSL

Filed under: Certificates — Tags: , , , — networknerd @ 9:25 am

OpenSSL provides a convenient method of testing SSL connections to debug problems like untrusted CA certificates and client certificate authentication problems.

The s_client command can be used to debug connections to servers.  In this example I test client certificate authentication to an openldap server.  By using the -msg switch the TLS handshake messages are displayed.  William Stallings wrote an excellent article on the TLS handshake protocol, which I would highly recommend for an easy to understand overview.

[adios@adios-bootcd ~]$ openssl s_client -connect localhost:636 -CAfile /media/usb/ldap/Acme/cacert.pem -cert /media/usb/ldap/Acme/ldapmgr.pem -key /media/usb/ldap/Acme/ldapmgrkey.pem -msg
Enter PEM pass phrase:clientcertpassword
CONNECTED(00000003)
>>> SSL 2.0 [length 008c], CLIENT-HELLO
01 03 01 00 63 00 00 00 20 00 00 39 00 00 38 00
….
9b 73 89 fb de 2e 68 1e 73 da b9 64
<<< TLS 1.0 Handshake [length 004a], ServerHello
02 00 00 46 03 01 49 03 8d fb 96 a9 59 d0 6e 3a
….
51 01 3b 1d 54 5b 66 00 35 00
<<< TLS 1.0 Handshake [length 05cb], Certificate
0b 00 05 c7 00 05 c4 00 02 df 30 82 02 db 30 82
….
ed dc 7c 69 e2 24 d0 04 52 fb 12
depth=1 /C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster
verify return:1
depth=0 /C=AU/ST=Queensland/L=Brisbane/O= Acme Pty Ltd/CN=ldap.acme.com.au/emailAddress=ldapadmin@Acme.com.au
verify return:1
<<< TLS 1.0 Handshake [length 0060], CertificateRequest
0d 00 00 5c 02 01 02 00 57 00 55 30 53 31 0b 30
….
55 04 03 13 0b 54 72 75 73 74 6d 61 73 74 65 72
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
0e 00 00 00
>>> TLS 1.0 Handshake [length 05cf], Certificate
0b 00 05 cb 00 05 c8 00 02 e3 30 82 02 df 30 82
….
79 95 76 6a ed dc 7c 69 e2 24 d0 04 52 fb 12
>>> TLS 1.0 Handshake [length 0086], ClientKeyExchange
10 00 00 82 00 80 3e 05 96 a4 7c 76 cc 0f 9d 03
….
4e 28 17 81 c2 f8
>>> TLS 1.0 Handshake [length 0086], CertificateVerify
0f 00 00 82 00 80 59 03 45 a1 19 4a ca 4e 02 89
….
5b 67 4c 98 c2 bb
>>> TLS 1.0 ChangeCipherSpec [length 0001]
01
>>> TLS 1.0 Handshake [length 0010], Finished
14 00 00 0c 5b 40 c8 f0 de 25 c3 44 4f c9 79 40
<<< TLS 1.0 ChangeCipherSpec [length 0001]
01
<<< TLS 1.0 Handshake [length 0010], Finished
14 00 00 0c f8 c5 60 53 fb cc a6 67 7f bd 18 ab

Certificate chain
0 s:/C=AU/ST=Queensland/L=Brisbane/O= Acme Pty Ltd/CN=ldap.acme.com.au/emailAddress=ldapadmin@Acme.com.au
i:/C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster
1 s:/C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster
i:/C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster

Server certificate
—–BEGIN CERTIFICATE—–
MIIC2zCCAkSgAwIBAgIJANM+KYmr52JAMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMRkwFwYDVQQKExBEb2RneSBDQSBQ
dHkgTHRkMRQwEgYDVQQDEwtUcnVzdG1hc3RlcjAeFw0wODEwMTcyMjQxNTZaFw0w
OTEwMTcyMjQxNTZaMIGOMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
ZDERMA8GA1UEBxMIQnJpc2JhbmUxFjAUBgNVBAoTDSBBY21lIFB0eSBMdGQxGTAX
BgNVBAMTEGxkYXAuYWNtZS5jb20uYXUxJDAiBgkqhkiG9w0BCQEWFWxkYXBhZG1p
bkBBY21lLmNvbS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv1643tyt
hwVsNHVu/wdn9MHa9uzdTldbnnZxPbYDyy+IYSHIrhV3E+KGOaUmcfnf5NTuKNRy
XQ0RFgyvkUdF9G6k2LlxDiinXC+8JZ8p1FDBpRjxXaIo66GRKl2KqBvujBOd3Tz7
XGBIvsBQNanrLq5aH7Fo0Mdh270l4zO4xJUCAwEAAaN7MHkwCQYDVR0TBAIwADAs
BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
VR0OBBYEFE+6BZ80WpW1N3+nT80UdrgZSz97MB8GA1UdIwQYMBaAFHP/XSypy1R7
DWslR36JPFtmrmjZMA0GCSqGSIb3DQEBBQUAA4GBABcz3BWYRiAyYh3toM5HQLQN
xXLQFHGz30bYWEqU5vpEOtW1g0VZ2zP5C3bxoIydA4FIrG5Z4Ia1EN/kFy6GPOOE
Dxq3JLOc6oCZNykWf4zu957rG1YSdOvxXrjZ3+FTpz8gyULj9OT9ILJ8inLHioq7
G4oI5wR4HmSPcC945Lo/
—–END CERTIFICATE—–
subject=/C=AU/ST=Queensland/L=Brisbane/O= Acme Pty Ltd/CN=ldap.acme.com.au/emailAddress=ldapadmin@Acme.com.au
issuer=/C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster

Acceptable client certificate CA names
/C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster

SSL handshake has read 1731 bytes and written 1971 bytes

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol  : TLSv1
Cipher    : AES256-SHA
Session-ID: 3EB070B9ACEFE43151F93E17496D779ABE8A50FE463CE73F0851013B1D545B66
Session-ID-ctx:
Master-Key: 669A8E689E26D4A4B738E2FC2CCC01E99DF571463DD8E6668339C5E72C761209134F83B1C57CE8B9161191B9AF7E97ED
Key-Arg   : None
Krb5 Principal: None
Start Time: 1224969723
Timeout   : 300 (sec)
Verify return code: 0 (ok)

Since the ldap server requires a client certificate if we fail to provide one we will get a fatal handshake failure

[root@adios-bootcd ~]# openssl s_client -connect localhost:636 -CAfile /media/usb/ldap/Acme/cacert.pem  -msg
CONNECTED(00000003)
>>> SSL 2.0 [length 008c], CLIENT-HELLO
01 03 01 00 63 00 00 00 20 00 00 39 00 00 38 00
….
e9 c4 3b 49 97 30 e8 27 f8 51 bd c6
<<< TLS 1.0 Handshake [length 004a], ServerHello
02 00 00 46 03 01 49 03 a0 14 ec 91 6e ef d1 c5
….
34 d1 11 63 12 5a 88 00 35 00
<<< TLS 1.0 Handshake [length 05cb], Certificate
0b 00 05 c7 00 05 c4 00 02 df 30 82 02 db 30 82
….
ed dc 7c 69 e2 24 d0 04 52 fb 12
depth=1 /C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster
verify return:1
depth=0 /C=AU/ST=Queensland/L=Brisbane/O= Acme Pty Ltd/CN=ldap.acme.com.au/emailAddress=ldapadmin@Acme.com.au
verify return:1
<<< TLS 1.0 Handshake [length 0060], CertificateRequest
0d 00 00 5c 02 01 02 00 57 00 55 30 53 31 0b 30
….
55 04 03 13 0b 54 72 75 73 74 6d 61 73 74 65 72
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
0e 00 00 00
>>> TLS 1.0 Handshake [length 0007], Certificate
0b 00 00 03 00 00 00
>>> TLS 1.0 Handshake [length 0086], ClientKeyExchange
10 00 00 82 00 80 5c 31 33 b3 37 a5 e2 aa 6a 05
….
64 fe fa 8d aa 21
>>> TLS 1.0 ChangeCipherSpec [length 0001]
01
>>> TLS 1.0 Handshake [length 0010], Finished
14 00 00 0c f2 19 92 71 f2 8d c0 84 00 3a 0a 7b
<<< TLS 1.0 Alert [length 0002], fatal handshake_failure
02 28
4607:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
4607:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

Similarly if the CA certificate of the server is untrusted we will get errors but OpenSSL will continue with the connection, as can be seen in the output of the verify routine in response to the server certificate message.

[adios@adios-bootcd ~]$ openssl s_client -connect localhost:636   -msg
CONNECTED(00000003)
>>> SSL 2.0 [length 008c], CLIENT-HELLO
01 03 01 00 63 00 00 00 20 00 00 39 00 00 38 00
….
d2 4d 34 75 dc 75 57 b8 d9 9a 52 3a
<<< TLS 1.0 Handshake [length 004a], ServerHello
02 00 00 46 03 01 49 03 a8 82 ca 0d 54 68 ee f7
….
60 ed bb 9d 4a ba 7f 00 35 00
<<< TLS 1.0 Handshake [length 05cb], Certificate
0b 00 05 c7 00 05 c4 00 02 df 30 82 02 db 30 82
….
ed dc 7c 69 e2 24 d0 04 52 fb 12
depth=1 /C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster
verify error:num=19:self signed certificate in certificate chain
verify return:0
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
0e 00 00 00
>>> TLS 1.0 Handshake [length 0086], ClientKeyExchange
10 00 00 82 00 80 2e 4d f8 4a 1f 70 be 25 00 d9
….
0f d7 2a c8 cd f0
>>> TLS 1.0 ChangeCipherSpec [length 0001]
01
>>> TLS 1.0 Handshake [length 0010], Finished
14 00 00 0c db 63 b6 e9 03 bf 3a 9a 17 ac 70 06
<<< TLS 1.0 ChangeCipherSpec [length 0001]
01
<<< TLS 1.0 Handshake [length 0010], Finished
14 00 00 0c 8d 56 fd 05 01 dc a1 1e 64 8b fc cd

Certificate chain
0 s:/C=AU/ST=Queensland/L=Brisbane/O= Acme Pty Ltd/CN=ldap.acme.com.au/emailAddress=ldapadmin@Acme.com.au
i:/C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster
1 s:/C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster
i:/C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster

Server certificate
—–BEGIN CERTIFICATE—–
MIIC2zCCAkSgAwIBAgIJANM+KYmr52JAMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMRkwFwYDVQQKExBEb2RneSBDQSBQ
dHkgTHRkMRQwEgYDVQQDEwtUcnVzdG1hc3RlcjAeFw0wODEwMTcyMjQxNTZaFw0w
OTEwMTcyMjQxNTZaMIGOMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
ZDERMA8GA1UEBxMIQnJpc2JhbmUxFjAUBgNVBAoTDSBBY21lIFB0eSBMdGQxGTAX
BgNVBAMTEGxkYXAuYWNtZS5jb20uYXUxJDAiBgkqhkiG9w0BCQEWFWxkYXBhZG1p
bkBBY21lLmNvbS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv1643tyt
hwVsNHVu/wdn9MHa9uzdTldbnnZxPbYDyy+IYSHIrhV3E+KGOaUmcfnf5NTuKNRy
XQ0RFgyvkUdF9G6k2LlxDiinXC+8JZ8p1FDBpRjxXaIo66GRKl2KqBvujBOd3Tz7
XGBIvsBQNanrLq5aH7Fo0Mdh270l4zO4xJUCAwEAAaN7MHkwCQYDVR0TBAIwADAs
BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
VR0OBBYEFE+6BZ80WpW1N3+nT80UdrgZSz97MB8GA1UdIwQYMBaAFHP/XSypy1R7
DWslR36JPFtmrmjZMA0GCSqGSIb3DQEBBQUAA4GBABcz3BWYRiAyYh3toM5HQLQN
xXLQFHGz30bYWEqU5vpEOtW1g0VZ2zP5C3bxoIydA4FIrG5Z4Ia1EN/kFy6GPOOE
Dxq3JLOc6oCZNykWf4zu957rG1YSdOvxXrjZ3+FTpz8gyULj9OT9ILJ8inLHioq7
G4oI5wR4HmSPcC945Lo/
—–END CERTIFICATE—–
subject=/C=AU/ST=Queensland/L=Brisbane/O= Acme Pty Ltd/CN=ldap.acme.com.au/emailAddress=ldapadmin@Acme.com.au
issuer=/C=AU/ST=Queensland/O=Dodgy CA Pty Ltd/CN=Trustmaster

No client certificate CA names sent

SSL handshake has read 1635 bytes and written 340 bytes

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol  : TLSv1
Cipher    : AES256-SHA
Session-ID: 577521F8CAD8508B6C9B66EDAADBD2B63D481A16A87B77982D60EDBB9D4ABA7F
Session-ID-ctx:
Master-Key: 53521EACA3173067D467E53EABB67869A8E17489DF201972F29314DC3BC4103AE80194F5EAB768F929CFD98B5EDEFC30
Key-Arg   : None
Krb5 Principal: None
Start Time: 1224976514
Timeout   : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: