Closed Bug 1485013 Opened 6 years ago Closed 6 years ago

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

Categories

(Core :: Security, defect)

Unspecified
Android
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: roger, Unassigned)

Attachments

(6 files)

User Agent: Mozilla/5.0 (Android 8.0.0; Tablet; rv:61.0) Gecko/61.0 Firefox/61.0
Build ID: 20180807170231

Steps to reproduce:

The version reported is 16.0.2. I cannot find that in the dropdown, so I have left it unspecified.

This bug is similar to 1475348 but on android.

Open a website that has a self signed certificate, and try to add a security exception.


Actual results:

Since updating to Firefox Mobile 16.0.2 I have not been able to access my OpenWrt router configuration pages. Firefox shows the "Untrusted Connection" page with MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in the technical details. If I expand the "I understand the risks" section and select "Add permanent exception" all that appears to happen is that the "Untrusted Connection" page is redisplayed.

I created a PEM version of the certificate and jumped through all the hoops to get Firefox to download it from apache. Firefox said that the certificate had been successfully installed.

However, this made no difference. On trying to access the site the same MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT error was displayed. This is driving me nuts.

I have tried a number of different forms of self signed certificates, both CA and non CA. Nothing works. I can get CA versions into the trusted store. But the end result is still the same, looping on the Untrusted Connection page.

I need remote access from my tablet to this site. This is getting critical. I have had no responses to the help request I placed on the support forum.


Expected results:

I expect to be able to add an exception that allows me to access the site.
I am able to add an exception for a self-signed cert from https://self-signed.badssl.com. I suspect that if Firefox is not allowing you to add an exception the cert uses a deprecated signature and/or SSL version.
The problem appears to be that certs without the x509 v3 extensions cannot be added.

The certificate I discovered the problem with was the default uhttpd certificate used by openwrt installations. This certificate looks like this.

roger@dragon:~/droid$ openssl x509 -inform der -in uhttpd.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b7:32:0b:b8:3d:cb:ed:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = ZZ, ST = Somewhere, L = Unknown, O = LEDE-STABLEabfb6c38, CN = LEDE-STABLE
        Validity
            Not Before: Mar 23 10:03:40 2018 GMT
            Not After : Mar 22 10:03:40 2020 GMT
        Subject: C = ZZ, ST = Somewhere, L = Unknown, O = LEDE-STABLEabfb6c38, CN = LEDE-STABLE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:79:FF:3F:FF:19:6B:D6:11:FD:7E:9D:0E:8A:DA:80:69:9D:12:27
            X509v3 Authority Key Identifier:
                keyid:8A:79:FF:3F:FF:19:6B:D6:11:FD:7E:9D:0E:8A:DA:80:69:9D:12:27

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption


I will attach a copy of the cert to this bug.

The cert from badssl.com looks like this.


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f9:60:8a:e3:9c:27:f4:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
        Validity
            Not Before: Aug 15 15:21:53 2018 GMT
            Not After : Aug 14 15:21:53 2020 GMT
        Subject: C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:*.badssl.com, DNS:badssl.com
    Signature Algorithm: sha256WithRSAEncryption


Note that it has the x509v3 extensions.

            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:*.badssl.com, DNS:badssl.com

I think that when a user wants to add an exception for an unsafe certificate then they should be allowed to do it. That is the point of exceptions. Offering to add the exception then not adding it and looping round to offer it again because some extensions are missing from the cert is not good behaviour.
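A small parser for the `openssl x509 -text` output quoted in the comment above, added here as an example and not part of the original comment or of any Mozilla or OpenWrt code. It reports which trust-relevant fields differ between the two dumps; the sample text is reduced from those dumps (hex bodies and validity omitted) and the function names are this example's own.

```python
import re

# Reduced from the uhttpd dump above (constructed by trimming, not a full dump).
UHTTPD = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: C = ZZ, ST = Somewhere, L = Unknown, O = LEDE-STABLEabfb6c38, CN = LEDE-STABLE
        Subject: C = ZZ, ST = Somewhere, L = Unknown, O = LEDE-STABLEabfb6c38, CN = LEDE-STABLE
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:79:FF:3F:FF:19:6B:D6:11:FD:7E:9D:0E:8A:DA:80:69:9D:12:27
            X509v3 Authority Key Identifier:
                keyid:8A:79:FF:3F:FF:19:6B:D6:11:FD:7E:9D:0E:8A:DA:80:69:9D:12:27

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
"""

# Reduced from the badssl.com dump above (constructed by trimming).
BADSSL = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
        Subject: C = US, ST = California, L = San Francisco, O = BadSSL, CN = *.badssl.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:*.badssl.com, DNS:badssl.com
    Signature Algorithm: sha256WithRSAEncryption
"""


def _field(text, label):
    """Return the value of the first 'Label: value' line, or None."""
    m = re.search(r"^[ \t]*" + re.escape(label) + r":[ \t]*(.*)$", text, re.M)
    return m.group(1).strip() if m else None


def _extensions(text):
    """Map each 'X509v3 <name>:' header to the value lines printed under it."""
    exts, name, in_ext = {}, None, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "X509v3 extensions:":
            in_ext = True
            continue
        if not in_ext:
            continue
        if stripped.startswith("Signature Algorithm:"):
            break  # the trailing signature block ends the extension list
        m = re.match(r"X509v3 (.+?):\s*(critical)?\s*$", stripped)
        if m:
            name = m.group(1)
            exts[name] = []
        elif name and stripped:
            exts[name].append(stripped)
    return exts


def summarize(text):
    """Extract the fields that matter when comparing two certificates."""
    issuer, subject = _field(text, "Issuer"), _field(text, "Subject")
    exts = _extensions(text)
    bc = " ".join(exts.get("Basic Constraints", []))
    ca = True if "CA:TRUE" in bc else False if "CA:FALSE" in bc else None
    san = [e.strip()
           for l in exts.get("Subject Alternative Name", [])
           for e in l.split(",")]
    ski = "".join(exts.get("Subject Key Identifier", [])) or None
    aki = next((l[len("keyid:"):]
                for l in exts.get("Authority Key Identifier", [])
                if l.startswith("keyid:")), None)
    return {
        # Issuer == Subject means self-issued; proving self-signed would
        # need the signature checked against the certificate's own key.
        "self_issued": issuer is not None and issuer == subject,
        "ca": ca,                       # None when Basic Constraints is absent
        "san": san,
        "aki_matches_ski": (ski == aki) if ski and aki else None,
        "extensions": sorted(exts),
    }


def differing_fields(a, b):
    """Return {field: (value_in_a, value_in_b)} for fields that differ."""
    sa, sb = summarize(a), summarize(b)
    return {k: (sa[k], sb[k]) for k in sa if sa[k] != sb[k]}


if __name__ == "__main__":
    for field, (left, right) in differing_fields(UHTTPD, BADSSL).items():
        print(f"{field}: uhttpd={left!r} badssl={right!r}")
```

To compare real files, feed it the output of `openssl x509 -inform der -in <file> -text -noout` for each certificate.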
Attached file uhttpd.crt
This is a binary der encoded certificate. Not a pem one.
I generated a version of the failing cert that had CA:FALSE, this still looped. So the problem is either the lack of a valid
Subject Alternative Name extension or the presence of Subject Key Identifier and Authority Key Identifier extensions.

All these things occur because the default configuration file distributed with the current version of OpenSSL causes all self signed certificates to be treated as CA certs. So anyone generating a self signed certificate from the command line will get the CA and Key identifier extensions unless they override the default config. I will try and do some more tests in the next few days.
Component: General → Security
OS: Unspecified → Android
Product: Firefox for Android → Core
Attached file t1.crt
Test certificate 1.

Has CA set to FALSE. Still fails.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            9f:fc:f4:1c:12:2a:d6:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = OpenWrt
        Validity
            Not Before: Aug 24 17:09:20 2018 GMT
            Not After : Aug 23 17:09:20 2020 GMT
        Subject: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = OpenWrt
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                32:4A:35:79:43:5E:93:38:88:94:E0:DE:A2:8E:E3:97:16:C4:EE:D0
            X509v3 Authority Key Identifier: 
                keyid:32:4A:35:79:43:5E:93:38:88:94:E0:DE:A2:8E:E3:97:16:C4:EE:D0

            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
Attached file t2.crt
Test certificate 2

Has CA extensions removed. Still fails.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            82:58:94:d0:6d:3c:e2:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = OpenWrt
        Validity
            Not Before: Aug 25 15:57:24 2018 GMT
            Not After : Aug 24 15:57:24 2020 GMT
        Subject: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = OpenWrt
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                E4:33:73:5A:FB:8B:26:43:A4:58:A8:83:06:41:F0:7D:EE:7E:50:69
            X509v3 Authority Key Identifier: 
                keyid:E4:33:73:5A:FB:8B:26:43:A4:58:A8:83:06:41:F0:7D:EE:7E:50:69

    Signature Algorithm: sha256WithRSAEncryption
Attached file t3.crt
Test certificate 3

Has all x509v3 extensions removed. Still fails.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            92:0d:84:ff:51:da:33:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = OpenWrt
        Validity
            Not Before: Aug 25 16:04:02 2018 GMT
            Not After : Aug 24 16:04:02 2020 GMT
        Subject: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = OpenWrt
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
Attached file t4.crt
Test certificate 4

Has Subject Alternative Name added but CN unchanged. Still fails.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bd:09:c9:fa:e7:d6:9d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = OpenWrt
        Validity
            Not Before: Aug 25 17:34:17 2018 GMT
            Not After : Aug 24 17:34:17 2020 GMT
        Subject: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = OpenWrt
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                IP Address:192.168.10.1, DNS:OpenWrt, DNS:peglegpete, DNS:peglegpete.local
    Signature Algorithm: sha256WithRSAEncryption
Attached file t5.crt
Test certificate 5

Has CN set to IP address and Subject Alternative Name set to match. Still fails

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            be:90:6b:9b:22:90:ed:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = 191.168.10.1
        Validity
            Not Before: Aug 26 08:37:56 2018 GMT
            Not After : Aug 25 08:37:56 2020 GMT
        Subject: C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = 191.168.10.1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                IP Address:192.168.10.1
    Signature Algorithm: sha256WithRSAEncryption
Can someone who knows the code tell me where the code that performs this check is? The only thing that seems to be different between my test certificates and the one from badssl.com seems to be that the badssl cert is using real DNS names in the CN and SAN (Subject Alternative Name).

The only other thing I can think is something in the http(s) wrapper that is different between the uhttpd server running on the router and whatever badssl.com are using.

I have run out of ideas on how to get a self signed certificate that is acceptable to this browser. The only way I have found that works is to generate a ca certificate then sign a cert with it. Then serve up the ca cert from another web server with the correct mime type specified.
My ca hack above is only partially successful. The connection is unreliable. Quite often the connection will just stall and you have to keep retrying using the back and forward buttons until the connection reestablishes. Looking at the packet traces something really weird and probably insecure is happening. I suspect that is due to the uhttpd server on openwrt not supporting TLS1.3.
Does the server generate a new self-signed certificate each time you connect, or does it re-use the same one?
Flags: needinfo?(roger)
The answer to that is no. uhttpd is a very lightweight http server designed for embedded environments, in this case openwrt.
Flags: needinfo?(roger)
Clarification. I realise now that I did not need to manually add the CA cert to Firefox. Adding an exception will work if the cert is not self signed even if the ca cert is not in the root store. The instability in the connection in this case looks like an issue with the lack of tls1.3 support in uhttpd. This still leaves the original issue of firefox mobile not being able to add an exception for numerous valid self signed certs. Is there any chance that someone can point me at the actual piece of code that does these checks? I do not want to wade through the whole source tree looking for it.
The certificate path building implementation is here: https://searchfox.org/mozilla-central/rev/55da592d85c2baf8d8818010c41d9738c97013d2/security/pkix/lib/pkixbuild.cpp#385
This gets called from here: https://searchfox.org/mozilla-central/rev/55da592d85c2baf8d8818010c41d9738c97013d2/security/certverifier/CertVerifier.cpp#888
The error override checking happens here: https://searchfox.org/mozilla-central/rev/55da592d85c2baf8d8818010c41d9738c97013d2/security/manager/ssl/SSLServerCertVerification.cpp#562

Hopefully that points you in the right direction.

Are you visiting many different openwrt devices, each at the same domain name/ip address but with different certificates? This isn't actually something that's supported (basically each new override will overwrite the previous one if the domain and port are the same). There's a bug on this, but I can't find it right now.
Thanks Dana, that is exactly what I need.

In answer to your question. I am only testing against one openwrt device. I have been removing and reinstalling firefox mobile to clear the cert store. But it is a real pain to do that. So I was not doing that at the start. So some of my earlier results are suspect. But the main problem is the refusal of firefox mobile to import the certificate in the first place when it is self signed. I have yet to find a form of self signed certificate that can be imported. The badssl.com cert that Kevin provided as an example is not a suitable form for use as a default certificate for a router using openwrt.

I will look at the code and see if I can come up with an acceptable form. My investigations have uncovered a number of problems in the uhttpd server in openwrt that will need to be addressed separately.

Hopefully I can come up with a means of generating a default certificate for uhttpd that will be accepted as an exception by the firefox mobile browser.

But I still think that firefox mobile desperately needs some usable certificate management and analysis tools.

Roger
I think I am beginning to narrow this down.

1. Firefox mobile loops back to the warning page when talking to uhttpd. In this case the Technical Details drop down on the warning page expands to blank.
2. Using the exact same certificate and key on an apache2 server the details drop down shows the self signed certificate error and one can proceed to the visit site or add permanent.
3. Using firefox desktop (linux) works in both circumstances.

The looping behaviour is either a bug in uhttpd or firefox mobile or a combination of both.

I cannot seem to get any debug messages out of firefox mobile even when attached by usb and running the browser console over adb.

So the only thing I can look at now is the packet traces.
Here is a summary of the packet traces.

Apache2
=======

No.     Time           Dir     Source                Destination           Protocol Length Info
   5036 88.068937         5036 192.168.10.122        192.168.10.2          TLSv1.2  583    Client Hello
   5038 88.075403         5038 192.168.10.2          192.168.10.122        TLSv1.2  1413   Server Hello, Certificate, Server Key Exchange, Server Hello Done
   5040 88.097851         5040 192.168.10.122        192.168.10.2          TLSv1.2  159    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
   5041 88.098412         5041 192.168.10.122        192.168.10.2          TLSv1.2  97     Encrypted Alert
   5043 88.098853         5043 192.168.10.2          192.168.10.122        TLSv1.2  324    New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
   5044 88.098855         5044 192.168.10.2          192.168.10.122        TLSv1.2  97     Encrypted Alert
   5116 88.282027         5116 192.168.10.122        192.168.10.2          TLSv1.2  219    Client Hello
   5120 88.287875         5120 192.168.10.2          192.168.10.122        TLSv1.2  1413   Server Hello, Certificate, Server Key Exchange, Server Hello Done
   5123 88.293164         5123 192.168.10.122        192.168.10.2          TLSv1.2  73     Alert (Level: Fatal, Description: Certificate Unknown)


uhttpd
======

No.     Time           Dir     Source                Destination           Protocol Length Info
    461 59.314091          461 192.168.10.122        192.168.10.1          TLSv1.2  583    Client Hello
    463 59.314320          463 192.168.10.1          192.168.10.122        TLSv1.2  1824   Server Hello, Certificate, Server Hello Done
    466 59.321411          466 192.168.10.122        192.168.10.1          TLSv1.2  408    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
    467 59.329286          467 192.168.10.122        192.168.10.1          TLSv1.2  119    Encrypted Alert
    474 59.344423          474 192.168.10.122        192.168.10.1          TLSv1.2  219    Client Hello
    476 59.346329          476 192.168.10.1          192.168.10.122        TLSv1.2  316    New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
    478 59.346712          478 192.168.10.1          192.168.10.122        TLSv1.2  1824   Server Hello, Certificate, Server Hello Done
    483 59.353234          483 192.168.10.122        192.168.10.1          TLSv1.2  73     Alert (Level: Fatal, Description: Certificate Unknown)
    488 59.399857          488 192.168.10.122        192.168.10.1          TLSv1.2  219    Client Hello
    490 59.400027          490 192.168.10.1          192.168.10.122        TLSv1.2  1824   Server Hello, Certificate, Server Hello Done
    493 59.408145          493 192.168.10.122        192.168.10.1          TLSv1.2  73     Alert (Level: Fatal, Description: Certificate Unknown)
   5052 88.111978         5052 192.168.10.122        192.168.10.1          TLSv1.2  219    Client Hello
   5054 88.112208         5054 192.168.10.1          192.168.10.122        TLSv1.2  1824   Server Hello, Certificate, Server Hello Done
   5057 88.124445         5057 192.168.10.122        192.168.10.1          TLSv1.2  73     Alert (Level: Fatal, Description: Certificate Unknown)
Just realised that the above is a bit misleading. All the client hellos mean a new session connection.
The saga of Firefox Mobile, uhttpd, and openssl
======================================

Simple Conclusion
===============

uci set uhttpd.main.redirect_ssl=0

The story so far
=============

If you install openssl on openwrt, then the install procedure will silently switch
uhttpd to using ssl/tls. This is true for manual installs or for automatic
dependency installs.

You will probably not notice anything different until you come across a browser
that cannot handle the default self signed certificate that is generated by the
/etc/init.d/uhttpd start script.

The prime example of this is version 16 and above of the Firefox Mobile
Browser that is used on Android (and iOS).

Testing this certificate by converting it to pem format and using openssl verify
gives the following.

roger@dragon:~/ssltest/test-certs$ openssl verify -verbose default-openwrt.crt
C = ZZ, ST = Somewhere, L = Unknown, O = OpenWrt, CN = OpenWrt
error 18 at 0 depth lookup: self signed certificate
error default-openwrt.crt: verification fails

Most desktop browsers, including Firefox, show an error message and allow
you to add a temporary or permanent exception for this certificate. However,
Firefox Mobile shows the error message but, when asked to add the exception,
silently fails and goes back to showing the error message.

The default /etc/ssl/openssl.cnf installed by opkg causes this certificate to
be generated with the following X509v3 extensions.

            X509v3 Subject Key Identifier:
                32:4A:35:79:43:5E:93:38:88:94:E0:DE:A2:8E:E3:97:16:C4:EE:D0
            X509v3 Authority Key Identifier:
                keyid:32:4A:35:79:43:5E:93:38:88:94:E0:DE:A2:8E:E3:97:16:C4:EE:D0
            X509v3 Basic Constraints:
                CA:TRUE
                
These extensions say that the key is a CA root certificate and is only valid
for use as a trust anchor at the top of a certificate chain. However, THIS
IS A RED HERRING (a distraction from the real problem).
  
The more fundamental problem is that uhttpd returns an encrypted alert,
the content of which causes Firefox Mobile to terminate the TCP
connection. However, it does continue to try a few different tls ssl all of
which terminate with an unencrypted alert showing a self signed
validation error. This is all invisible to the end user, who only sees the
browser going back to show the self signed error message and ignoring
the attempt to add a security exception.

To muddy the picture even further, if I add the exact same certificate and key
to a test site hosted by Apache, then Firefox Mobile succeeds in adding
the security exception and proceeds to connect to the site.

If anyone wants to investigate this further, they are welcome to. But I have
had enough. Decoding encrypted alerts is not easy. I will help out if I can.

I have implemented my simple solution above. I do not need to secure my
router admin with SSL.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
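
Added example, not part of the original bug comments: a short Python script that splits the uhttpd packet listing quoted in this bug into handshake attempts (one per Client Hello, as the reporter notes) and reports which alert the client sent in each. The function names and outcome labels are assumptions of this example; the trace rows are copied from the listing.

```python
import re

# Rows copied from the uhttpd listing in this bug; columns are
# No., Time, Dir, Source, Destination, Protocol, Length, Info.
TRACE = """\
    461 59.314091          461 192.168.10.122        192.168.10.1          TLSv1.2  583    Client Hello
    463 59.314320          463 192.168.10.1          192.168.10.122        TLSv1.2  1824   Server Hello, Certificate, Server Hello Done
    466 59.321411          466 192.168.10.122        192.168.10.1          TLSv1.2  408    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
    467 59.329286          467 192.168.10.122        192.168.10.1          TLSv1.2  119    Encrypted Alert
    474 59.344423          474 192.168.10.122        192.168.10.1          TLSv1.2  219    Client Hello
    476 59.346329          476 192.168.10.1          192.168.10.122        TLSv1.2  316    New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
    478 59.346712          478 192.168.10.1          192.168.10.122        TLSv1.2  1824   Server Hello, Certificate, Server Hello Done
    483 59.353234          483 192.168.10.122        192.168.10.1          TLSv1.2  73     Alert (Level: Fatal, Description: Certificate Unknown)
"""

ROW = re.compile(r"^\s*(\d+)\s+[\d.]+\s+\d+\s+(\S+)\s+(\S+)\s+\S+\s+\d+\s+(.+?)\s*$")
FATAL = re.compile(r"Alert \(Level: Fatal, Description: ([^)]+)\)")

def attempts(trace):
    # Split a summary listing into handshake attempts, one per Client Hello.
    current, out = {}, []
    for m in filter(None, map(ROW.match, trace.splitlines())):
        no, src, dst, info = int(m[1]), m[2], m[3], m[4]
        if info.startswith("Client Hello"):
            current[(src, dst)] = {"client": src, "server": dst, "first": no, "msgs": []}
            out.append(current[(src, dst)])
        # The listing has no ports, so a late packet from the previous
        # connection (frame 476 here) is counted with the newest attempt.
        a = current.get((src, dst)) or current.get((dst, src))
        if a:
            a["msgs"].append(("client" if src == a["client"] else "server", info))
    return out

def outcome(attempt):
    # Classify an attempt by the first alert the client sent in it.
    for info in (i for s, i in attempt["msgs"] if s == "client"):
        m = FATAL.search(info)
        if m:
            return "plaintext fatal alert: " + m.group(1)
        if "Encrypted Alert" in info:
            return "encrypted alert after key exchange"
    return "no client alert"

def summarize(trace):
    return [(a["server"], a["first"], outcome(a)) for a in attempts(trace)]

if __name__ == "__main__":
    for server, first, result in summarize(TRACE):
        print(f"{server} attempt starting at frame {first}: {result}")
```

To separate overlapping connections reliably, export the capture with TCP ports or stream numbers and key the attempts on those instead of the address pair.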