Dovecot send duplicated certificates when using ssl_alt_cert

Jean-Daniel Dupas jddupas at xooloo.com
Wed May 16 17:54:58 EEST 2018 

Hello,

I'm running dovecot 2.3.1 (c5a5c0c82) and trying to experiment with using both RSA and ECDSA certificates.

My configuration is as follow:

ssl_alt_cert = </path/to/my.rsa.key
ssl_alt_key = </path/to/my.rsa.key

ssl_cert = </path/to/my.ecdsa.pem
ssl_key = </path/to/my.ecdsa.key

Both certificates are let's encrypt certificate, so both are using the same intermediate CA.

The certificate chain are:
 for rsa:
	- my certificate
	- Let's Encrypt Authority X3
	- DST Root CA X3

 for ecdsa:
 	- my certificate
	- Let's Encrypt Authority X3
	- DST Root CA X3

My problem is that when connecting, dovecot includes 2 copies of Let's Encrypt Authority X3 in the certificate chain.

I think this is a bug. When building the chain, dovecot should ignore duplicated certificates and when opening the connection, it should only send intermediates related to the used certificate (either RSA or ECDSA).

(and as a side note, when using dovecot -n, dovecot hides the ssl_key (ssl_key =  # hidden, use -P to show it) but not the ssl_alt_key. This is probably a bug too).

---------------
openssl s_client -showcerts -host imap.example.com -port 993 -servername imap.example.com

CONNECTED(00000005)
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/CN=imap.example.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
MIIHPDCCBiSgAwIBAgISA2e3bP2o1mpdOr9kTDm/R/zuMA0GCSqGSIb3DQEBCwUA
…
-----END CERTIFICATE-----
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
…
-----END CERTIFICATE-----
 2 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
…
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=imap.example.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
---
SSL handshake has read 5140 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 591240C021A02B399CCB010F37AF7AD83227DC1770C606F73B3EEA3514AF07FB
    Session-ID-ctx: 
    Master-Key: 7D5A5BFC1B4B8EECF4F41DC084265AF6D32B82130F381B8DDF685B589D54D9BDEBFC20F1DD80E150CD56850C0D062E9E
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 3a 72 98 05 72 af 3d ed-26 a9 e7 2b 68 6b 0a 25   :r..r.=.&..+hk.%
    …

    Start Time: 1526482021
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

More information about the dovecot mailing list