Can't connect to openssl s_server with Chrome browser with ECC server cert #60

Open
nickrbogdanov opened this issue Mar 4, 2023 · 3 comments

Comments

@nickrbogdanov

I'm testing 1.2.0-rc0. When I try to set up a trivial webserver with a self-signed certificate and visit it from Chrome, I see a weird NET::ERR_CERT_INVALID error:

HOST normally uses encryption to protect your information. When Chrome tried to connect to HOST this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be HOST, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit HOST right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

In this case I don't have an option under Advanced to bypass the certificate warning, which you'd normally see with a webserver using a self-signed cert.

Here is my procedure:

tpm2_createprimary -C o -g sha256 -G ecc -c primary_sh.ctx
tpm2_evictcontrol -C o -c 0x81000001 || true
tpm2_evictcontrol -C o -c primary_sh.ctx 0x81000001
openssl genpkey -provider tpm2 -algorithm EC -pkeyopt group:P-256 -pkeyopt parent:0x81000001 -out eckey.pem
openssl req -provider tpm2 -provider default -x509 -subj "/C=GB/CN=foo" -key eckey.pem -out cert.pem
openssl s_server -provider tpm2 -provider default -propquery '?provider=tpm2' -www -accept 443 -cert cert.pem -key eckey.pem

If I try to connect with openssl rather than Chrome, I don't get any errors:

openssl s_client -verify_return_error -CAfile cert.pem -connect localhost:443

Likewise, Firefox 110.0.1 is able to connect after bypassing the cert warning.

If I use software based keys instead of the TPM2, Chrome lets me connect after bypassing the (expected) NET::CERT_AUTHORITY_INVALID warning:

openssl ecparam -name prime256v1 -genkey -noout -out ecc_private.pem
openssl pkey -in ecc_private.pem -pubout -out ecc_public.pem
openssl req -x509 -subj "/C=GB/CN=foo" -key ecc_private.pem -out cert_sw.pem
openssl s_server -www -accept 443 -cert cert_sw.pem -key ecc_private.pem

This is Chrome 109.0.5414.119 on Linux.

@gotthardp
Contributor

gotthardp commented Mar 4, 2023

I suspect it may be because the certificate subject (-subj) does not match the server name.

@nickrbogdanov
Author

There is a name mismatch in the test that used the software based keys, too. If you click Advanced, you can bypass that warning and proceed to the site.

By contrast, Chrome doesn't let you bypass NET::ERR_CERT_INVALID. It seems to be a different failure mode. The abort happens right after a digest operation:

PROVIDER INIT
DER DECODER DECODE
DER DECODER DECODE
TSS2 DECODER DECODE 0x87
TSS2 DECODER LOAD parent: persistent 0x81000001
TSS2 DECODER DECODE found EC
EC LOAD
EC GET_PARAMS [ bits security-bits max-size ]
EC HAS 0x1
RAND NEW
RAND NEW
RAND GET_CTX_PARAMS [ max_request ]
RAND GENERATE
RAND NEW
RAND GET_CTX_PARAMS [ max_request ]
RAND GENERATE
RAND GET_CTX_PARAMS [ max_request ]
RAND GENERATE
RAND GET_CTX_PARAMS [ max_request ]
RAND GENERATE
DER DECODER DECODE
Using default temp DH parameters
EC NEW
EC IMPORT [ point-format encoding group pub point-format group-check use-cofactor-flag ]
EC MATCH 7
EC MATCH 7
ACCEPT
EC GET_PARAMS [ group ]
RAND GET_CTX_PARAMS [ max_request ]
RAND GENERATE
SIGN DIGEST_INIT ecdsa MD=SHA256
EC GET_PARAMS [ group ]
RAND GET_CTX_PARAMS [ max_request ]
RAND GENERATE
SIGN DIGEST_INIT ecdsa MD=SHA2-256
SIGN DIGEST_SIGN estimate
SIGN DIGEST_SIGN

Do you see the same thing on your setup?

@nickrbogdanov
Author

Another data point: if I have the TPM generate an RSA privkey/cert rather than ECC, Chrome is now able to connect:

# same as above
tpm2_createprimary -C o -g sha256 -G ecc -c primary_sh.ctx
tpm2_evictcontrol -C o -c 0x81000001 || true
tpm2_evictcontrol -C o -c primary_sh.ctx 0x81000001

# use RSA instead of ECC for the server cert
openssl genpkey -provider tpm2 -algorithm RSA -pkeyopt parent:0x81000001 -out rsakey.pem
openssl req -provider tpm2 -provider default -x509 -subj "/C=GB/CN=foo" -key rsakey.pem -out rsacert.pem
openssl s_server -provider tpm2 -provider default -propquery '?provider=tpm2' -www -accept 443 -cert rsacert.pem -key rsakey.pem

For RSA, Chrome shows the expected NET::ERR_CERT_AUTHORITY_INVALID due to the self-signed cert. Unlike in the ECC case, I can click Advanced and bypass it.

@nickrbogdanov nickrbogdanov changed the title Can't connect to openssl s_server with Chrome browser Can't connect to openssl s_server with Chrome browser with ECC server cert Mar 14, 2023
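
Added example (not part of the thread and not tpm2-openssl code): the thread does not identify a cause, but since the failure is specific to the ECC certificate, one check worth running on `cert.pem` and `cert_sw.pem` is how each encodes its signature AlgorithmIdentifier. RFC 5758 requires the parameters field to be omitted for ecdsa-with-SHA256 and RFC 4055 requires NULL for sha256WithRSAEncryption. The function names and the skeleton inputs are constructed for illustration.

```python
# Added example: inputs come from skeleton(), a constructed stand-in, not the thread's certs.
import base64

ECDSA_SHA256 = bytes.fromhex("2a8648ce3d040302")    # OID 1.2.840.10045.4.3.2
RSA_SHA256 = bytes.fromhex("2a864886f70d01010b")    # OID 1.2.840.113549.1.1.11
EXPECTED = {ECDSA_SHA256: "absent", RSA_SHA256: "NULL"}  # RFC 5758 / RFC 4055

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    # Split the content of a constructed element into (tag, value) pairs.
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def classify(alg_id):
    """Describe one AlgorithmIdentifier as (oid_hex, parameters, conforms)."""
    parts = children(alg_id)
    oid = parts[0][1]
    params = "absent" if len(parts) == 1 else "NULL" if parts[1] == (0x05, b"") else "other"
    return oid.hex(), params, EXPECTED.get(oid, params) == params

def check_cert(der):
    """Inspect both signature AlgorithmIdentifiers of a DER certificate."""
    _, cert, _ = read_tlv(der, 0)
    (_, tbs), (_, outer), _signature = children(cert)
    fields = children(tbs)
    inner = fields[2 if fields[0][0] == 0xA0 else 1][1]   # after [0] version and serial
    return {"tbs": classify(inner), "outer": classify(outer), "same": inner == outer}

def pem_to_der(pem_text):
    # Decode the first certificate block of a PEM file such as cert.pem.
    body = pem_text.split("-----BEGIN CERTIFICATE-----")[1].split("-----END")[0]
    return base64.b64decode("".join(body.split()))

def tlv(tag, value):                        # short-form lengths only; enough for the samples
    return bytes([tag, len(value)]) + value

def skeleton(alg_content):
    """Constructed certificate-shaped DER carrying only the fields inspected above."""
    alg = tlv(0x30, alg_content)
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))
```

To run it on the files from the procedure, pass `check_cert(pem_to_der(open("cert.pem").read()))` and compare the result with the one for `cert_sw.pem`; a `False` in the third element of either tuple, or `same` being `False`, marks an encoding difference to report.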