Hi Postfix users,

I have a problem with the new tls_server_sni_maps configuration option - it 
seems that Postfix (3.4.10 debian-buster) is unable to load the key+cert+chain 
combination using this option. The error is "SNI data for smtp.myserver.eu 
does not match next certificate" even if I am 100% sure that the key+cert+chain 
is OK, because I use the same key+cert+chain (loaded from the same files) for 
smtpd_tls_chain_files (and there it works).

Related config files:

/etc/postfix/main.cf:
tls_server_sni_maps = hash:/etc/postfix/table_hash-tls_server_sni_maps
smtpd_tls_chain_files =
    /etc/letsencrypt/live/eu.server.smtp/privkey.pem
    /etc/letsencrypt/live/eu.server.smtp/fullchain.pem

/etc/postfix/table_hash-tls_server_sni_maps (indexed using: 
postmap -F hash:/etc/postfix/table_hash-tls_server_sni_maps):
smtp.myserver.eu  /etc/letsencrypt/live/eu.myserver.smtp/privkey.pem /etc/letsencrypt/live/eu.myserver.smtp/fullchain.pem
smtp.myserver2.eu /etc/letsencrypt/live/eu.myserver2.smtp/privkey.pem /etc/letsencrypt/live/eu.myserver2.smtp/fullchain.pem


Key+cert+chain hash info (the fullchain.pem file contains the cert.pem + 
chain.pem):
=== privkey.pem
ee key hash
(stdin)= b6dae1eecaa9a2b366b2acddf2ea2cfcec4fe8132ad2e8147be487b0ef241fc3
ee cert pubkey hash
(stdin)= -NONE-
ee chain names

=== cert.pem
ee key hash
(stdin)= -NONE-
ee cert pubkey hash
(stdin)= b6dae1eecaa9a2b366b2acddf2ea2cfcec4fe8132ad2e8147be487b0ef241fc3
ee chain names
subject=CN = smtp.myserver.eu
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

=== chain.pem
ee key hash
(stdin)= -NONE-
ee cert pubkey hash
(stdin)= 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
ee chain names
subject=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
issuer=O = Digital Signature Trust Co., CN = DST Root CA X3



Info related to my testing:

Connection to Postfix from a remote server (client) using the correct 
"servername" in the SNI:

root@otherserver:~# openssl s_client -servername smtp.myserver.eu -starttls smtp -connect smtp.myserver.eu:25
CONNECTED(00000003)
140179153458304:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert 
internal error:../ssl/record/rec_layer_s3.c:1544:SSL alert number 80
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 335 bytes and written 726 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Postfix server logs (server):

May 26 22:38:58 myserver postfix/smtpd[72379]: maps_file_find: tls_server_sni_maps: hash:/etc/postfix/table_hash-tls_server_sni_maps(0,lock|fold_fix|src_rhs_is_file): smtp.myserver.eu = LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9J...
May 26 22:38:58 myserver postfix/smtpd[72379]: warning: key at index 1 in SNI data for smtp.myserver.eu does not match next certificate
May 26 22:38:58 myserver postfix/smtpd[72379]: warning: TLS library problem: error:1426D121:SSL routines:ssl_set_cert_and_key:not replacing certificate:../ssl/ssl_rsa.c:1107:
May 26 22:38:58 myserver postfix/smtpd[72379]: warning: error loading private keys and certificates from: SNI data for smtp.myserver.eu: aborting TLS handshake



Connection to Postfix from a remote server (client) without SNI servername (or 
SNI name not present in the tls_server_sni_maps):

root@otherserver:~# openssl s_client -noservername -starttls smtp -connect smtp.myserver.eu:25
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = smtp.myserver.eu
verify return:1
---
Certificate chain
 0 s:CN = smtp.myserver.eu
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
subject=CN = smtp.myserver.eu
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4013 bytes and written 744 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 325F23D6EF2F8EF88571D5404773D64EDF2E5BAE1F126F9F17BF5C8DD7401EC0
    Session-ID-ctx: 
    Resumption PSK: 
3E8690233C86E7A57A559DE1A0B60D4D0AA63524D3765ECACE0E03F48159E402D1CB457E7F87FB3C54EF2106B60B317A
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    ...
    ...
    ...

    Start Time: 1590529279
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK



In short: if a connection from the client is performed without SNI (or with an SNI 
hostname not present in the tls_server_sni_maps) then everything works as 
expected (the key+cert+chain from smtpd_tls_chain_files is used), but if I connect 
using a valid SNI hostname (so the new tls_server_sni_maps is used) then the same 
key+cert+chain does not work.

The /etc/postfix/table_hash-tls_server_sni_maps is correctly indexed using 
postmap -F, and also:

postmap -Fq smtp.myserver.eu hash:/etc/postfix/table_hash-tls_server_sni_maps

returns the correct key+cert+chain:

-----BEGIN PRIVATE KEY-----
...
... here is the private key for smtp.myserver.eu
...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
... here is the certificate for smtp.myserver.eu
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
... here is the certificate for intermediate CA 
...
-----END CERTIFICATE-----


Any idea how to fix this problem?


Kind regards,


JM
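The post's diagnosis rests on comparing the public-key fingerprint of privkey.pem with that of cert.pem and on the order of the PEM blocks that postmap -Fq returns (key, then end-entity certificate, then issuers). The following script is an added example, not code from the post or from Postfix: it takes a PEM bundle such as the postmap -Fq output, splits it, checks that the key matches the first certificate, and then walks the remaining certificates checking that each one is the issuer of the one before it. It assumes only the openssl command-line tool; the function names (split_bundle, check_bundle and the fingerprint helpers) are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the post or from Postfix):
# check that a PEM bundle has the layout a tls_server_sni_maps value needs,
#   1. a private key first,
#   2. the end-entity certificate whose public key matches that key,
#   3. the issuer chain, each certificate signed by the next one.
# Requires the openssl CLI.
#
# Usage:
#   postmap -Fq smtp.example.org hash:/etc/postfix/sni > /tmp/bundle.pem
#   sh check_sni_bundle.sh /tmp/bundle.pem

# Split a PEM bundle into $dir/key.pem and $dir/cert-1.pem, cert-2.pem, ...
# in the order the blocks appear in the file.
split_bundle() {
    bundle=$1; dir=$2
    awk -v dir="$dir" '
        /^-----BEGIN .*PRIVATE KEY-----/ { out = dir "/key.pem" }
        /^-----BEGIN CERTIFICATE-----/   { n++; out = sprintf("%s/cert-%d.pem", dir, n) }
        out != ""                        { print > out }
        /^-----END /                     { close(out); out = "" }
    ' "$bundle"
}

# SHA-256 over the DER SubjectPublicKeyInfo derived from a private key.
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over the DER SubjectPublicKeyInfo carried in a certificate.
cert_pubkey_fp() {
    openssl x509 -in "$1" -pubkey -noout 2>/dev/null | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 when the bundle is consistent, 1 otherwise (reason on stderr).
check_bundle() {
    bundle=$1
    dir=$(mktemp -d) || return 2
    split_bundle "$bundle" "$dir"
    rc=0
    if [ ! -s "$dir/key.pem" ] || [ ! -s "$dir/cert-1.pem" ]; then
        echo "bundle must start with a private key followed by at least one certificate" >&2
        rc=1
    elif [ "$(key_pubkey_fp "$dir/key.pem")" != "$(cert_pubkey_fp "$dir/cert-1.pem")" ]; then
        echo "private key does not match the first (end-entity) certificate" >&2
        rc=1
    else
        # Walk the chain: certificate N must be issued (signed) by certificate N+1.
        n=1
        while [ -s "$dir/cert-$((n + 1)).pem" ]; do
            if ! openssl verify -partial_chain -CAfile "$dir/cert-$((n + 1)).pem" \
                    "$dir/cert-$n.pem" >/dev/null 2>&1; then
                echo "certificate $n is not signed by certificate $((n + 1))" >&2
                rc=1
                break
            fi
            n=$((n + 1))
        done
    fi
    rm -rf "$dir"
    return $rc
}

# Stand-alone use: check the bundle named on the command line.
if [ -n "$1" ]; then
    if check_bundle "$1"; then
        echo "bundle OK"
    else
        exit 1
    fi
fi
```

The three failure messages correspond to the three things Postfix has to find in the map value in that order; a bundle that passes here but is still rejected by Postfix points the search at how the value was stored or read rather than at the key material itself.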
