On Fri, Feb 21, 2014 at 10:30:52PM +0100, Kurt Roeckx wrote:
> On Fri, Feb 21, 2014 at 03:19:10PM -0500, Stephen Nightingale wrote:
> >
> > - For 0xx and 1xx uses, it is hard to identify a single canonical CA
> > list. I have overlapping, but different Root Cert sets from Mozilla,
> > Fedora and Linux Mint. So when searching for an authority to build a
> > verification chain I cycle through all of these until succeeding or
> > exhaustion of the possibilities. Some of the DANE 360 listed sets
> > (including some from members of this group) fail to authenticate
> > because the root certs are not in my authorities.
>
> I'm not really sure why you can't find the relevant CAs in your
> root store. It looks like you don't properly build the chain or
> something? Looking for instance at the fedoraproject.org results,
> you try all 3 of them, but each time fail, where for all 3 you
> actually seem to list the root CA as a relevant cert?
The handshake chain from fedoraproject.org is:
subject=/serialNumber=GFaoFyCf99PHtAPDHLEBYfFi/1hePcED/C=US/ST=North
Carolina/L=Raleigh/O=Red Hat Inc/OU=Fedora Infrastructure/CN=*.fedoraproject.org
issuer=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
subject=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
subject=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Per http://tools.ietf.org/html/rfc5246#page-48
certificate_list
This is a sequence (chain) of certificates. The sender's
certificate MUST come first in the list. Each following
certificate MUST directly certify the one preceding it. Because
certificate validation requires that root keys be distributed
independently, the self-signed certificate that specifies the root
certificate authority MAY be omitted from the chain, under the
assumption that the remote end must already possess it in order to
validate it in any case.
and of course fedoraproject.org does not include the root cert in
the TLS handshake chain. The chain needs to be augmented with the
relevant issuing root by the verifier. In this case the Equifax
root CA. Which is in many of the popular CA bundles.
The certificate that matches the TLSA record (CA constraint) is
the immediate issuer, but is not the root issuer and does not
appear in various CA bundles.
Perhaps the code incorrectly assumes that the CA matched by a "0
0 1" TLSA record, needs to be the root CA.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
