Closed
Bug 1166216
Opened 9 years ago
Closed 9 years ago
FF38, Secure Connection Failed (sec_error_bad_der) on internal certificates
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: sylvain.faivre, Unassigned)
References
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0 Build ID: 20150417180243 Steps to reproduce: With Firefox 38, visit corporate internal SSL websites. Actual results: With Firefox 38, SSL certs signed by our internal CA are rejected with this message : Secure Connection Failed An error occurred during a connection to xxxxx.xxxxx.com. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der) Expected results: Up to Firefox 37.0.2, these certificates are accepted. Here is the info from the site certificate, and from the CA certificate : > openssl x509 -text -in site-xxxxx.pem -noout Certificate: Data: Version: 3 (0x2) Serial Number: 6 (0x6) Signature Algorithm: sha1WithRSAEncryption Issuer: C=FR, O=xxxxx, OU=xxxxx, CN=Internal services CA Validity Not Before: Oct 11 14:35:49 2010 GMT Not After : Oct 8 09:54:28 2015 GMT Subject: C=FR, O=xxxxx, OU=xxxxx, CN=xxxxx.xxxxx.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:be:df:15:e7:a2:8d:a1:8e:7e:f9:5a:9e:7e:07: 67:43:c6:c7:8d:8c:78:fe:15:d8:47:e2:d4:32:35: bc:60:8a:f8:4a:8a:4c:84:c3:24:ea:0f:d1:5e:80: d9:23:88:29:99:14:66:da:87:aa:bb:91:59:26:93: 68:b4:2d:b7:f3:b3:8c:e6:1f:ac:69:2f:7e:b9:70: 99:1b:02:ac:fb:e1:07:ba:56:a4:32:e1:3e:1e:cd: 33:df:0f:16:59:17:39:4b:4a:37:0d:e6:06:e6:cd: 75:df:27:b1:af:5f:8b:12:6f:1b:02:61:39:08:65: d1:55:94:c2:a1:35:da:c6:13 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:BD:44:52:6F:2F:D9:6A:DB:AA:07:AA:29:07:55:B2:51:99:B8:10:65 X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment, Key Agreement X509v3 Extended Key Usage: E-mail Protection, TLS Web Client Authentication, TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://www.xxxxx.com/crl Signature Algorithm: sha1WithRSAEncryption aa:b7:c9:d5:09:46:25:bd:f2:60:cc:ab:9b:b9:08:db:64:8d: 14:71:c3:d6:ce:87:11:4e:d0:ac:20:46:16:32:4c:61:d8:1e: 96:98:57:bc:16:eb:a7:cd:70:b4:e9:bf:20:89:40:f8:79:5a: 98:51:71:15:ea:28:05:99:34:f2:ab:9e:87:78:1c:29:fe:83: 28:ff:14:b0:c7:21:4a:37:93:ee:cc:ef:78:2e:19:2c:66:d0: 29:f7:02:9d:16:b5:df:76:86:1c:4a:7c:4c:51:6a:1b:cd:4c: 96:a3:06:7e:02:1b:2c:5f:8d:bc:43:7f:69:81:b4:12:b7:73: 95:06:06:32:e7:f2:6f:8b:db:4b:ad:b6:4b:24:ab:d6:f2:40: 9a:26:a8:48:24:fa:91:5f:d8:d7:aa:43:78:45:56:bc:de:3e: 07:0a:0f:73:85:a6:e9:dd:83:d1:1b:27:b8:84:32:dd:1d:db: f6:62:66:8d:81:af:42:19:02:96:83:33:8b:35:c3:00:73:60: 29:1d:ff:31:8b:5f:e9:32:c1:86:52:a4:8a:06:50:5b:41:6a: dd:83:db:18:a7:2c:fd:0f:20:d2:a4:bb:46:29:e1:c0:bb:9f: 9c:a0:4a:5c:23:09:58:5c:0a:a9:8c:61:aa:32:fd:79:fd:95: a4:67:c5:03 > openssl x509 -text -in InternalservicesCA.pem -noout Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha1WithRSAEncryption Issuer: C=FR, O=xxxxx, OU=xxxxx, CN=xxxxx root CA Validity Not Before: Oct 8 09:54:28 2010 GMT Not After : Oct 8 09:54:28 2015 GMT Subject: C=FR, O=xxxxx, OU=xxxxx, CN=Internal services CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d9:56:83:09:c7:12:cb:9b:39:53:a0:10:df:6e: 24:b4:df:31:7a:ca:25:9c:c0:1c:10:da:8f:61:a7: 57:e1:fd:dd:41:8a:4c:80:87:6f:74:e6:68:15:d2: ec:56:69:89:8b:49:70:62:f8:2d:ab:91:1a:af:6e: dc:98:86:38:f5:15:3e:f7:2b:f8:f8:10:13:12:b6: 15:57:22:90:0c:b6:38:6d:87:fc:25:aa:bd:62:f6: 69:1d:53:4d:9e:03:99:42:bf:0c:da:79:54:fb:88: 2e:a9:fb:1d:3e:ff:f5:48:97:e6:02:e9:0d:f3:5f: c1:6f:1f:99:bf:e6:08:3d:34:cf:3a:df:77:23:ea: 8d:2b:70:4e:74:8d:b6:aa:18:49:9d:92:65:39:bb: 89:f7:b3:e2:38:38:46:34:ea:01:58:06:f3:04:be: 0d:df:93:ef:93:7d:4f:0e:ae:62:9e:09:50:2b:f2: 1f:ed:ba:4e:67:f1:19:bb:4f:53:59:19:2c:76:67: f9:b1:c3:af:43:c1:97:69:3c:ad:40:da:da:60:cd: 07:21:d8:67:b1:a8:e2:03:a7:16:4c:2d:4d:49:d4: a9:7f:d6:24:db:b0:78:1d:0d:71:7f:35:55:be:a5: ee:41:0e:d8:70:f9:43:6c:c2:92:7d:e0:3d:d1:ea: e3:4d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:E0:A7:FA:EE:4E:CF:22:A3:A3:9A:6E:96:E0:5B:62:1E:6E:CD:91:BF X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: BD:44:52:6F:2F:D9:6A:DB:AA:07:AA:29:07:55:B2:51:99:B8:10:65 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 CRL Distribution Points: Full Name: URI:http://www.xxxxx.com/crl Signature Algorithm: sha1WithRSAEncryption 11:1c:42:2c:2e:92:15:3d:c4:8f:76:82:95:e5:06:d2:e7:06: 6f:4d:91:28:5e:f5:6d:8f:db:e5:e9:bc:3a:97:08:36:d6:cb: 02:61:3a:3a:23:5c:6a:9d:96:70:f6:ae:b0:e0:64:39:d2:80: 15:5d:a1:4e:43:b1:16:0c:00:bd:db:b3:5a:1a:29:0f:08:56: f3:a7:af:49:18:e9:a9:65:bd:b6:66:0d:ce:5c:51:27:12:cf: ac:f5:3f:41:b8:61:c2:28:1d:d5:55:4b:c3:51:86:b5:46:5d: ba:51:ed:8a:5e:59:77:eb:39:9f:f4:74:eb:f4:d5:ad:34:b5: 5f:bf:ee:66:fb:1c:7d:f7:21:97:b1:26:8f:96:ed:e7:78:ab: d1:51:a3:48:07:41:07:c3:c1:16:e0:b6:be:ee:f4:32:46:9c: f4:2e:13:fa:28:e9:94:60:e6:f7:a6:96:c4:7d:7d:6d:54:f3: 77:dc:c9:52:31:d3:91:b4:1a:5a:ac:3f:90:96:e1:56:d1:1c: b6:2f:1c:73:c9:d9:af:bf:42:4e:d9:47:bf:df:9e:37:9c:62: d9:4e:73:35:b7:32:8d:eb:ab:68:d6:d9:d5:48:e8:5b:d5:9d: ae:e9:d0:9a:c0:ab:0d:eb:9a:af:fd:06:85:0f:68:2b:79:33: 73:34:ca:d7
Reporter | ||
Comment 1•9 years ago
|
||
And here is the info for our root CA, which I forgot in the bug report : > openssl x509 -text -in xxxxxrootCA.pem -noout Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=FR, O=xxxxx, OU=xxxxx, CN=xxxxx root CA Validity Not Before: Oct 8 09:47:44 2010 GMT Not After : Oct 8 09:47:44 2020 GMT Subject: C=FR, O=xxxxx, OU=xxxxx, CN=xxxxx root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d6:c5:a5:56:42:ea:4f:95:39:87:d4:4b:41:85: 95:f1:09:88:13:60:50:fb:10:ea:d6:84:87:d9:fa: 42:e3:69:7e:ab:31:fb:d6:0c:1b:f2:8c:da:72:7f: 74:69:ce:1a:4c:2c:18:e6:e7:84:94:4a:6b:78:e3: a2:70:f6:62:53:7b:3c:ef:e8:32:f6:95:4f:a5:d1: 69:5f:30:35:f7:d5:56:f3:0a:d8:a6:85:af:00:05: e4:b3:a4:0e:53:5f:b3:ac:d5:60:b8:24:85:d7:93: f6:19:a9:a3:3c:a8:7b:1b:e2:5d:b9:20:5f:6e:db: 0f:da:d7:0b:4f:2e:8c:5d:75:c5:99:ac:fa:e1:10: c7:72:64:82:3b:93:2a:77:da:5a:b3:06:9b:d5:b2: 9f:26:49:f2:98:39:f3:c9:02:d8:7b:e1:33:5b:7d: 9d:f1:5a:0d:6a:32:1e:de:71:10:c4:a2:4d:5f:b0: ad:71:64:be:83:c4:ff:e3:99:1c:30:47:98:33:64: 0c:ae:fa:1d:9b:b0:13:fc:db:11:a2:2f:81:42:22: de:ad:3a:01:57:64:38:6d:6e:b5:dd:fc:23:cd:f3: db:a9:24:20:a7:20:a6:d0:42:e7:3f:2e:01:73:73: 1c:84:d4:01:bc:d7:00:9d:f6:69:90:f4:98:ef:51: 79:1b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 CRL Distribution Points: Full Name: URI:http://www.xxxxx.com/crl X509v3 Subject Key Identifier: E0:A7:FA:EE:4E:CF:22:A3:A3:9A:6E:96:E0:5B:62:1E:6E:CD:91:BF X509v3 Authority Key Identifier: keyid:E0:A7:FA:EE:4E:CF:22:A3:A3:9A:6E:96:E0:5B:62:1E:6E:CD:91:BF Signature Algorithm: sha1WithRSAEncryption 12:e8:a3:9d:db:ba:e3:17:bb:71:8b:02:b1:5d:20:f6:61:8d: 5b:23:13:22:a9:be:23:60:e6:95:5c:aa:86:79:68:d3:e5:5b: a6:95:08:9c:46:eb:11:82:70:07:21:67:ed:30:55:2e:d2:41: 19:bb:c6:f7:f9:8c:4c:ba:69:9c:cc:6d:3f:19:db:f5:93:eb: c8:19:2c:fb:09:b7:c4:de:ae:18:7c:b1:01:29:4b:e3:a7:c5: 15:97:f6:ef:cb:e0:a8:57:de:ac:f3:5d:c2:11:44:af:39:10: ba:60:16:4f:51:84:80:f7:ed:e3:de:ce:1a:16:11:80:db:f1: 82:b9:f7:58:22:3b:1b:1b:33:1e:49:10:a8:40:bf:3b:21:22: bf:a8:52:c9:39:23:f1:8b:51:14:80:b9:43:e1:a0:e2:1e:70: 6a:ba:c3:31:ef:bc:0a:1d:e4:57:e4:96:71:e5:fc:8d:62:5e: 24:93:8f:47:15:4f:5f:05:7e:06:2d:d7:d2:33:47:6c:44:55: df:7e:ad:be:24:d5:4c:f5:47:65:21:82:61:70:02:6d:3d:d3: 0a:28:5d:a7:a7:5d:29:67:8b:a8:12:4a:8b:ee:05:4f:90:b2: 96:fa:87:c5:4f:14:56:da:2f:a0:00:2a:4b:dc:a7:90:26:98: 5e:0f:35:8d
Updated•9 years ago
|
Component: Untriaged → Security: PSM
Product: Firefox → Core
Hi Sylvain, thanks for reporting this. sec_error_bad_der usually indicates a certificate is encoded in a way Firefox isn't expecting. To diagnose the issue, it would be helpful to be able to examine the certificates directly. If you can't post them in the bug here, would you mind emailing them to me? Thanks.
Flags: needinfo?(sylvain.faivre)
Comment 3•9 years ago
|
||
I'm having the same issue, but it's a little more extreme. Our company installed a transparent SSL proxy that mints certificates as needed, so they can look into secure traffic for corporate security reasons. I have installed the root certificate required to get this to work in the FF cert store, and all worked fine in FF37. But since FF38, I am completely unable to connect to ANY secure sites, because the certs being minted by our appliance throw the same DER error. Everything seems to work in IE and Chrome. If there is anything I can provide to help troubleshoot this, please let me know.
Comment 4•9 years ago
|
||
We use an SSL proxy and post upgrade to FF 38 we are having this issue. I tested on FF 36 going to SSL proxied URLs and can get to them without issue and can confirm they are being SSL proxied. I upgraded to FF 38 and get the error pasted below for all SSL proxied web sites. An error occurred during a connection to www.traxion.com. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
One common issue appears to be the encoding of the RSA modulus. If the highest bit of an integer is set, the proper DER encoding requires a leading zero byte to indicate that the integer is a positive value, not negative.
Flags: needinfo?(sylvain.faivre)
Comment 6•9 years ago
|
||
Thanks David, I was able to confirm there is a bug in our SSL proxy.
Reporter | ||
Comment 7•9 years ago
|
||
Sorry I didn't have time to come back to this bug earlier. Our certificates are not RFC compliant, and even though Firefox used to accept them, it rightly refuses them now. So, I'm closing this bug. Here is some more info on how to debug it. This might be useful to anyone having the same problem. Quoting David : « It looks like those certificates don't include NULL in the parameters field of the algorithm field of the subject public key info. According to RFC 3279 section 2.3.1 this is required for RSA keys: "The rsaEncryption OID is intended to be used in the algorithm field of a value of type AlgorithmIdentifier. The parameters field MUST have ASN.1 type NULL for this algorithm identifier." It looks like the encodings of the moduli are problematic as well. Since the highest bit of each of those numbers is set, there needs to be a leading zero byte to indicate that they are positive values, not negative. [...] One tool I use is http://lapo.it/asn1js/ - you can paste in the PEM encoding of the certificate and have it decode the ASN.1. What you're looking for is "OBJECT IDENTIFIER 1.2.840.113549.1.1.1", which is rsaEncryption. There should be a NULL right below it in the same column (if there isn't, then that certificate should be regenerated). In terms of the negative INTEGER issue, after that OBJECT IDENTIFIER there should be a BIT STRING of SEQUENCE of two INTEGERs. If any of them are negative, again the certificate should be regenerated. » And here is how to check your certificates on the command line with "openssl asn1parse" : After the line "OBJECT IDENTIFIER 1.2.840.113549.1.1.1" you should have a line with "NULL", my cert doesn't have this line. Then in the SEQUENCE of 2 INTEGERs, both of them should be positive. openssl asn1parse -in ~/Desktop/CA/bad-cert.pem -i [...] 261:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption 272:d=3 hl=3 l= 140 prim: BIT STRING [...] openssl asn1parse -in ~/Desktop/CA/bad-cert.pem -i -strparse 272 0:d=0 hl=3 l= 136 cons: SEQUENCE 3:d=1 hl=3 l= 128 prim: INTEGER :-4120EA185D725E718106A56181F898BC393872738701EA27B81D2BCDCA439F7507B575B37B3CDB15F02EA17F26DC77D666EB99257855446EA6D96C974BD2480C4C7319E05396D081468F66E4FD53041EF845A95BCD1EC1E132CC20F0E9A6E8C6B4B5C8F219F919328A20D84E50A074ED90E4FD9EC6F79A2EAA6B3D5ECA2539ED 134:d=1 hl=2 l= 3 prim: INTEGER :010001 openssl asn1parse -in ~/Desktop/CA/good-cert.pem -i [...] 266:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption 277:d=4 hl=2 l= 0 prim: NULL 279:d=3 hl=4 l= 527 prim: BIT STRING [...] openssl asn1parse -in ~/Desktop/CA/good-cert.pem -i -strparse 279 0:d=0 hl=4 l= 522 cons: SEQUENCE 4:d=1 hl=4 l= 513 prim: INTEGER :BDF0E56C55A92E00F37368C37DE5F6459182044BBDACC612B3C0C4D1A603EED2622C8142328DAC8BB2162DA0FA49E9A48FA3A436570F665DA9E29035EA66CBB9403E53AF6ABF9265160E0A2E9C9939143A0B7806B78C229708D29438CEE740A953D66A56B0E4C716ED2A9F3E54482CC6B3668D4D94E40788797C411BECFEE4EA06E1CA7493CBB1523F75AFECDFD64A7E5CA26380DC626D8FA91A9CA412B80ACFB60A93E06B1BE7439D5FEDAF231FDB00314D3C429350C162F0EBC9487B8FA391DD9C4FD6F3DC37E5BFD0B85A5B55541EE95DF4C1E974D05332F8E3242B2520F69644432AC4F9917D6ADC8849ABD50C184D484B757926B620BADDED1A25DE44D803AFD2EFA10FE219974BA992A2A2966AA4DDC22FE7E6B5A5E86B5810F93857AE62E9C721E47A52EBFF40B12601F3980BB1FA974061BBE7292AF45DBD342C9894444F70D276262D38FA3F64D6D50B87240BDEEAFDA53A71004491FBF1F8D1E9271301528B111D669EF85EF1C476CDF372E8D7283F046F0E564F704B7514EE213DFE379C09CDC18098C24C9DD30DBC68BD684CC60CE207F417D2024CDBE703BB4B68CAF1834E1CE3A08B370DECC17868A345765019A8797D89FF100788B3AF52EB9FF15A76E8D1DDC2EC02DBB604345B91A8B0BB62BD49A1A10D6A1D637CE2AE78900F8AF48ED0D1FEDD451843C73DC 73AD12554 54A7B70F37B440BB48F923B1D9 521:d=1 hl=2 l= 3 prim: INTEGER :010001
Reporter | ||
Comment 8•9 years ago
|
||
Our certificates are not RFC compliant, and even though Firefox used to accept them, it rightly refuses them now. So, I'm closing this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•