openssl certificate verification - different behaviour on build and target systems (does not work properly on ARM)

0
votes

The background to this story is that I'm using gSOAP with openssl for some SOAP/WSDL application development. The final application has to be cross compiled for an embedded ARM device.

Everything works fine on my build system (Fedora 17 x64), but when I run the cross compiled version on my target device (ARM/Montavista 5), I get the following error:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I started looking at OpenSSL to see if I could narrow this down - there is definitely different behaviour on my build system vs my embedded system that is causing the verification to fail.

I have run the following command on both (the IP address is google.com):

openssl s_client -showcerts -connect 173.194.67.104:443 -verify 9

The outputs on the different machines are listed below. I am running openssl 1.0.1c in both cases. In particular the target (ARM) system seems to receive/interpret a different certificate chain.

I have no idea why the output is different. Can somebody explain how I might be able to get my target device verifying the certificate correctly in the same way as my build machine?

OUTPUT FROM BUILD (Fedora) MACHINE:

verify depth is 9
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify return:1
depth=1 C = ZA, O = Thawte Consulting (Pty) Ltd., CN = Thawte SGC CA
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = www.google.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
-----BEGIN CERTIFICATE-----
[REMOVED FOR BREVITY]
-----END CERTIFICATE-----
 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
[REMOVED FOR BREVITY]
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
---
No client certificate CA names sent
---
SSL handshake has read 1907 bytes and written 299 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: C05953342AC01E9AB63CF0BABBE942B4E29061AA4904C3F1393EBBB1548B0254
    Session-ID-ctx: 
    Master-Key: 38B97C0CC2795AD1D3EEACAE244E33F1E5A0988AE9182AC85DFFF5B6BFAE6585E6BCF763E1E0EB300CD38B87CC0F2501
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
[REMOVED FOR BREVITY]
    Start Time: 1347036912
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

OUTPUT FROM TARGET (ARM) MACHINE

verify depth is 9
CONNECTED(00000003)
depth=1 C = ZA, O = Thawte Consulting (Pty) Ltd., CN = Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = ZA, O = Thawte Consulting (Pty) Ltd., CN = Thawte SGC CA
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = www.google.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
-----BEGIN CERTIFICATE-----
[REMOVED FOR BREVITY]
-----END CERTIFICATE-----
 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
[REMOVED FOR BREVITY]
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
---
No client certificate CA names sent
---
SSL handshake has read 2130 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-RC4-SHA
    Session-ID: AA9E7D7AD223F18241A210D224B8BEF4A441572C1A9719BF3504FB03297D85DE
    Session-ID-ctx:
    Master-Key: 7A15F2071D50C076C0524AAD45857C5683212370582AD7D9F882B64104F0A0A8C2948B8B85C1EC19015C
51CAC30D4A05
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
[REMOVED FOR BREVITY]

    Start Time: 1347036508
    Timeout   : 300 (sec)
    Verify return code: 27 (certificate not trusted)
1
opensslarm
To keep blocks of (non-code) sample text from running together, you can mark them up with <blockquote><pre> (until that great day that SO supports <samp>). For code blocks, indent them with four spaces to mark them as code; for many languages, this will also colorize the block. The "{}" button in the editor toolbar does this for you. Click the orange question mark in the editor toolbar for more information and tips on formatting.outis
have you tried use -CApath option?georgexsh

1 Answers

0
votes

The error message makes it pretty clear: openssl cannot verify that the CA(s) signing the server's certificate are trusted using the CA store on the ARM box.
To verify that you can download a trusted CA bundle from curl's site: http://curl.haxx.se/ca/cacert.pem then use the -CAfile param to use it: openssl s_client -showcerts -connect 173.194.67.104:443 -verify 9 -CAfile <full_path_to_cacert.pem>

To do that programatically see the SSL_CTX_load_verify_locations function.
Also see the source code of the openssl command line tool for more details: http://cvs.openssl.org/fileview?f=openssl/apps/s_client.c&v=1.169 (search for CAfile & SSL_CTX_load_verify_locations).