Opened 3 years ago

Closed 3 years ago

Last modified 2 years ago

#16412 closed defect (fixed)

NSS SSL doesn't work well with self signed certificates

Reported by: skyserver Owned by: datallah
Milestone: 2.10.11 Component: libpurple
Version: 2.10.10 Keywords: nss
Cc: zeliff

Description (last modified by skyserver)

In version 2.10.10 it's no longer possible to connect to an XMPP server which uses a self-signed SSL certificate. The error message is: The certificate for <domain> could not be validated. The certificate chain presented is invalid.

The connection is possible if the server certificate is already in the local cache (\.purple\certificates\x509\tls_peers). If the certificate is not cached yet (e.g. after a fresh Windows/Pidgin installation) the connection fails.

My test case was an Openfire 3.9.3 server using the default self-signed certificates created after installation.

(09:26:08) account: Connecting to account admin@debian/.
(09:26:08) connection: Connecting. gc = 055874A8
(09:26:08) dnssrv: querying SRV record for debian: _xmpp-client._tcp.debian
(09:26:08) dnssrv: Couldn't look up SRV record. Der DNS-Name ist nicht vorhanden. (9003).
(09:26:08) dnsquery: Performing DNS lookup for debian
(09:26:08) dnsquery: IP resolved for debian
(09:26:08) proxy: Attempting connection to 192.168.0.66
(09:26:08) proxy: Connecting to debian:5222 with no proxy
(09:26:08) proxy: Connection in progress
(09:26:08) proxy: Connecting to debian:5222.
(09:26:08) proxy: Connected to debian:5222.
(09:26:08) jabber: Sending (admin@debian): <?xml version='1.0' ?>
(09:26:08) jabber: Sending (admin@debian): <stream:stream to='debian' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(09:26:08) jabber: Recv (179): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="debian" id="6c834f07" xml:lang="en" version="1.0">
(09:26:08) jabber: Recv (486): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>CRAM-MD5</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>
(09:26:08) jabber: Sending (admin@debian): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(09:26:08) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
(09:26:08) nss: SSL version 3.3 using 128-bit AES with 160-bit SHA1 MAC
Server Auth: 2048-bit RSA, Key Exchange: 768-bit DHE, Compression: NULL
Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
(09:26:08) nss: subject=CN=debian issuer=CN=debian
(09:26:08) certificate/x509/tls_cached: Starting verify for debian
(09:26:08) certificate/x509/tls_cached: Checking for cached cert...
(09:26:08) certificate/x509/tls_cached: ...Not in cache
(09:26:08) nss: CERT 1. CN=debian [Certificate Authority]:
(09:26:08) nss:   ERROR -8156: SEC_ERROR_CA_CERT_INVALID
(09:26:08) nss:   ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
(09:26:08) certificate: Failed to verify certificate for debian
(09:26:08) connection: Connection error on 055874A8 (reason: 15 description: Der SSL-Peer hat ein ungültiges Zertifikat präsentiert)
(09:26:08) account: Disconnecting account admin@debian/ (0292E448)
(09:26:08) connection: Disconnecting connection 055874A8
(09:26:08) connection: Destroying connection 055874A8

Change History (15)

comment:1 Changed 3 years ago by skyserver

  • Description modified (diff)

comment:2 Changed 3 years ago by datallah

  • Component changed from XMPP to libpurple
  • Keywords nss added
  • Owner changed from deryni to datallah
  • Summary changed from Unable to connect to XMPP servers using self signed certificates to NSS SSL doesn't work well with self signed certificates

comment:3 follow-up: Changed 3 years ago by datallah

  • Milestone set to 2.10.11
  • Resolution set to fixed
  • Status changed from new to closed

The issue with self-signed certificates has been fixed already in [9086eaeacd2c]. I'm making this ticket the one that we track that particular problem under.

However, you're seeing a different problem - SEC_ERROR_CA_CERT_INVALID. Not only do you have a self-signed cert, but the chain is invalid (e.g. the self-signed CA cert in your chain wasn't created as a CA cert with the appropriate Basic Constraints, etc.). Previous versions of pidgin didn't adequately check those and allowed that use case; that was a security bug that was fixed in 2.10.10.

comment:4 Changed 3 years ago by datallah

  • Resolution fixed deleted
  • Status changed from closed to new

It looks like this still happens with simple self-signed certs generated by e.g. openfire.

(16:47:32) nss: CERT 1. CN=chat.onthebeach.co.uk [Certificate Authority]:
(16:47:32) nss:   ERROR -8156: SEC_ERROR_CA_CERT_INVALID
(16:47:32) nss:   ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
(16:47:32) certificate: Failed to verify certificate for chat.onthebeach.co.uk

A public server that this can be seen with is chat.onthebeach.co.uk.

Interestingly, openssl s_client -connect chat.onthebeach.co.uk:5222 -starttls xmpp -showcerts also fails for OpenSSL 1.0.1f 6 Jan 2014 on Ubuntu 14.04 (but succeeds with OpenSSL 1.0.1e-fips 11 Feb 2013 from CentOS 6.5).

openssl version
OpenSSL 1.0.1e-fips
openssl s_client -connect chat.onthebeach.co.uk:5222 -starttls xmpp -showcerts
CONNECTED(00000003)
depth=0 CN = chat.onthebeach.co.uk
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = chat.onthebeach.co.uk
verify return:1
---
Certificate chain
 0 s:/CN=chat.onthebeach.co.uk
   i:/CN=chat.onthebeach.co.uk
---
Server certificate
subject=/CN=chat.onthebeach.co.uk
issuer=/CN=chat.onthebeach.co.uk
---
No client certificate CA names sent
---
SSL handshake has read 1862 bytes and written 606 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-DES-CBC3-SHA
    Session-ID: 5453F36F319F1BDF03075A0C53FC47BD5F8086EF06E7C4C70EA3EF9DBFD2575D
    Session-ID-ctx:
    Master-Key: 4BD78E2A68EBDE60D5C0885364B9CD4B7B93A7C7F83384FDAFC0A547DC8A40F0DD33D17AEC689D42EA37A99842D3000A
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1414787952
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

It looks like the issue is that it's the root certificate in the chain, but it's not marked as a CA via Basic Constraints, so we end up with the SEC_ERROR_CA_CERT_INVALID error.

Looking at the Firefox code, the right way to handle this is to suppress a lot of these errors when dealing with a self-signed certificate. We should warn about the self-signedness of the certificate, and that trumps the rest of these.

comment:5 Changed 3 years ago by datallah

I've posted a Windows binary of the fixed plugin here.

comment:6 Changed 3 years ago by Daniel Atallah <datallah@…>

  • Resolution set to fixed
  • Status changed from new to closed

(In [befb6523dc5c]):
Fix NSS handling of self-signed certificates. Fixes #16412.

comment:7 Changed 3 years ago by datallah

Ticket #16436 has been marked as a duplicate of this ticket.

comment:8 Changed 3 years ago by datallah

Ticket #16439 has been marked as a duplicate of this ticket.

comment:9 Changed 3 years ago by muffins

Any word on a fix for Gnu/Linux? people? I'm also experiencing this bug with a fresh openfire install.

comment:10 in reply to: ↑ 3 Changed 3 years ago by bjornalfonur

Replying to datallah:

The issue with self-signed certificates has been fixed already in [9086eaeacd2c]. I'm making this ticket the one that we track that particular problem under.

A very interesting read! Is this fix being deployed already? I am asking, because I am still suffering from it (and I fear, there might be a better place to mention this?)

My system is Ubuntu 14.04 running pidgin 2.10.10. This is what pidgin -d gives me:

(14:29:22) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD MAC
Server Auth: 4096-bit RSA, Key Exchange: 1024-bit DHE, Compression: NULL
Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
(14:29:22) nss: subject=CN=hasi.it issuer=CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
(14:29:22) nss: partial certificate chain
(14:29:22) certificate/x509/tls_cached: Starting verify for hasi.it
(14:29:22) certificate/x509/tls_cached: Checking for cached cert...
(14:29:22) certificate/x509/tls_cached: ...Not in cache
(14:29:22) nss: CERT 0. CN=hasi.it :
(14:29:22) nss:   ERROR -8179: SEC_ERROR_UNKNOWN_ISSUER
(14:29:22) certificate: Failed to verify certificate for hasi.it
(14:29:22) connection: Connection error on 0xb79c6a68 (reason: 15 description: SSL peer presented an invalid certificate)

$ cat /etc/*{release,version}
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty" ...

$ pidgin --version
Pidgin 2.10.10 (libpurple 2.10.10)

How can I fix this? Download the source (instead of apt-get...) and compile it from there?

Thank you in advance.

Last edited 3 years ago by bjornalfonur (previous) (diff)

comment:11 Changed 3 years ago by Robby

This ticket is assigned to the "2.10.11" milestone so expect the fix to be in the source and in the 2.10.11 release.

comment:12 Changed 3 years ago by zeliff

Still seeing this problem with 2.10.11 on Windows:

Pidgin 2.10.11 (libpurple 2.10.11) e38a9aa5b1f8

I'm trying to connect to an internal Jabber server.

(12:49:59) nss: subject=CN=it-server.XXXX.com issuer=CN=it-server.XXXX.com
(12:49:59) certificate/x509/tls_cached: Starting verify for it-server.XXXX.com
(12:49:59) certificate/x509/tls_cached: Checking for cached cert...
(12:49:59) certificate/x509/tls_cached: ...Not in cache
(12:49:59) nss: CERT 0. CN=it-server.XXXX.com :
(12:49:59) nss:   ERROR -8016: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
(12:49:59) nss: CERT 1. CN=it-server.XXXX.com [Certificate Authority]:
(12:49:59) nss:   ERROR -8156: SEC_ERROR_CA_CERT_INVALID
(12:49:59) nss:   ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
(12:49:59) certificate: Failed to verify certificate for it-server.XXXX.com
(12:49:59) connection: Connection error on 058C7B00 (reason: 15 description: SSL peer presented an invalid certificate)

comment:13 Changed 3 years ago by datallah

zeliff: Your issue is a different thing. The problem is that your server uses an insecure algorithm (probably an MD5-signed certificate).
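
The three failures reported in this thread (self-signed certificate, unknown issuer, disabled signature algorithm) can be told apart from the `pidgin -d` output alone. The following is an added example, not part of the ticket or of libpurple: a triage script over constructed log lines in the same format. The function names, category labels and `.example` hostnames are this example's own.

```python
import re

# Constructed sample in the format of the `pidgin -d` excerpts in this ticket (placeholder hosts).
SAMPLE_LOG = """\
(09:26:08) nss: subject=CN=xmpp1.example issuer=CN=xmpp1.example
(09:26:08) nss: CERT 1. CN=xmpp1.example [Certificate Authority]:
(09:26:08) nss:   ERROR -8156: SEC_ERROR_CA_CERT_INVALID
(09:26:08) nss:   ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
(09:26:08) certificate: Failed to verify certificate for xmpp1.example
(14:29:22) nss: subject=CN=xmpp2.example issuer=CN=Example Root,O=Example Inc.
(14:29:22) nss: CERT 0. CN=xmpp2.example :
(14:29:22) nss:   ERROR -8179: SEC_ERROR_UNKNOWN_ISSUER
(14:29:22) certificate: Failed to verify certificate for xmpp2.example
(12:49:59) nss: subject=CN=xmpp3.example issuer=CN=xmpp3.example
(12:49:59) nss: CERT 0. CN=xmpp3.example :
(12:49:59) nss:   ERROR -8016: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
(12:49:59) certificate: Failed to verify certificate for xmpp3.example
"""

SUBJECT = re.compile(r"nss: subject=(.*?) issuer=(.*)$")
ERROR = re.compile(r"nss:\s+ERROR -\d+: (SEC_ERROR_\w+)")
FAILED = re.compile(r"certificate: Failed to verify certificate for (\S+)")

def classify(subject, issuer, errors):
    """Map one failed verification to the case discussed in the thread."""
    if "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED" in errors:
        return "weak-signature"   # comment:13: a separate issue from this ticket
    if subject == issuer:
        return "self-signed"      # this ticket: the chain errors are secondary
    if "SEC_ERROR_UNKNOWN_ISSUER" in errors:
        return "unknown-issuer"   # CA-issued cert whose issuer is not recognized locally
    return "other"

def triage(log_text):
    """Return (host, category, error names) for each failed verification."""
    results, subject, issuer, errors = [], None, None, []
    for line in log_text.splitlines():
        if m := SUBJECT.search(line):
            subject, issuer, errors = m.group(1), m.group(2), []
        elif m := ERROR.search(line):
            errors.append(m.group(1))
        elif m := FAILED.search(line):
            results.append((m.group(1), classify(subject, issuer, errors), errors))
            subject, issuer, errors = None, None, []
    return results

if __name__ == "__main__":
    for host, category, errs in triage(SAMPLE_LOG):
        print(f"{host}: {category} ({', '.join(errs)})")
```

The disabled-algorithm check comes first because a certificate can be both self-signed and signed with a rejected algorithm, as in comment:12, and only the self-signed case is what this ticket tracks.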

comment:14 in reply to: ↑ description Changed 2 years ago by peetee

Replying to skyserver:

Openfire 3.9.3 and pidgin 2.10.11 (both fresh installs)

Ubuntu 12.04 and 14.04

Problem still exists.

(16:13:37) certificate/x509/ca: Lazy init completed.
(16:13:37) nss: CERT 1. CN=brussels2 [Certificate Authority]:
(16:13:37) nss:   ERROR -8156: SEC_ERROR_CA_CERT_INVALID
(16:13:37) nss:   ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
(16:13:37) certificate: Failed to verify certificate for 192.168.0.22
(16:13:37) connection: Connection error on 0x7fe544d00a50 (reason: 15 description: SSL peer presented an invalid certificate)

comment:15 Changed 2 years ago by peetee

Seems to work now - I noticed that although pidgin was updated to 2.10.11, libpurple was not. All a bit confusing. Seems Ubuntu left libpurple out of the upgrade and I had to go into Synaptic and view libpurple and it said a new version could be installed. Had to select upgrade.

So I guess to make it all clear people should check openfire version, pidgin version AND libpurple version.

Anyway, pidgin now asks if I want to accept invalid certificate.
