[patch] Fix for bug in TLS/SSL for LMTP with chained certificates

Timo Sirainen tss at iki.fi
Thu Dec 3 10:24:56 UTC 2015


On 02 Dec 2015, at 17:38, NederHost/Sebastiaan Hoogeveen <s.hoogeveen at nederhost.nl> wrote:
> 
> Hi,
> 
> In case of tl;dr: I fixed a bug in TLS support for LMTP which caused chained certificates not to work, and another one which caused certificate read errors to be ignored; the patches are attached to this email.
> 
> While testing LMTP with TLS and certificate verification by Postfix I discovered that certificate chains are not exchanged properly when using LMTP, even though everything works fine for POP3 and IMAP (both with or without STARTTLS). On LMTP only the server certificate is included in the TLS handshake, no intermediate certificates are provided by the server.
> 
> The first problem I fixed is that in lib-ssl-iostream/iostream-openssl-context.c errors from the ssl_ctx_use_certificate_chain function are silently ignored because the function returns 0 for a failure but the caller checks for values smaller than 0. This problem is fixed in the tiny patch dovecot-2.2.19-ssl_ctx_certificate_chain_returnvalue.diff.

Applied.

> After applying this patch the following error message appears in the logs for LMTP only (IMAP and POP3 still work fine): 
> 
> dovecot: lmtp(20683): Error: SSL context initialization failed, disabling SSL: Can't load SSL certificate: error:0608308E:digital envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key
> 
> It turns out this issue is not related to the reading of the certificate or its associated chain. Somewhere before ssl_ctx_use_certificate_chain is called an error is put in the OpenSSL error queue which is never retrieved. Only after loading the server certificate is the queue checked and because of the previously existing error the chain is not loaded. I think the error is related to setting specific protocol options in ssl_iostream_context_set (which may be different for LMTP than for IMAP or POP3) but I did not investigate this.

http://hg.dovecot.org/dovecot-2.2/rev/302c3c7e11f8 should fix it.

> I made the problem go away by making the following two changes:
> 
> 1. The ssl_ctx_use_certificate_chain function now empties the OpenSSL error queue before doing its work by calling ERR_get_error() until the queue is empty.
> 
> 2. The openssl_iostream_error function in a similar fashion empties the queue and returns only the error message for the most recent error (this prevent earlier errors from 'hiding' later/more relevant ones).
> 
> After applying this second patch LMTP now works properly with certificate chains. Note that this patch makes previously unhandled errors simply 'disappear' from the queue, which may be a Very Bad Thing. I guess there is a more elegant way of handling this "queued error" issue but this works for me now and I'm actually not a C programmer. These two fixes are included in dovecot-2.2.19-lmtp_ssl_bug.diff.

I changed this to work the same in lib-ssl-iostream as it works in login-common/ssl-proxy-openssl.c (I wonder why it didn't originally work the same way..) and also merged more of the error handling code in login-common and lib-ssl-iostream.



More information about the dovecot mailing list