[PATCH] OpenSSL: Accept certificates marked for both server and client use

Jouni Malinen j at w1.fi
Sat Feb 15 06:11:40 EST 2014

On Sat, Feb 15, 2014 at 05:24:38AM -0500, Anders Kaseorg wrote:
> I’m not seeing that specification requirement.  I looked at EAP-TLS
> (RFC 5216):

> This is all about requiring certain key usage values to be included;
> there’s nothing about requiring other values to be excluded.

I know. I was referring to a different specification (sorry, cannot talk
about details yet).

> We don’t reject if the EKU extension is missing entirely, and my
> patch doesn’t change that.  Are you worried about certificates that
> explicitly include an EKU extension listing none of
> id-kp-clientAuth, id-kp-serverAuth, or anyExtendedKeyUsage?

To be honest, I did not notice that, but I was thinking of not including
id-kp-serverAuth and now that you say it, I guess that could also happen
with an EKU (for something completely different) being included. I don't
think id-kp-serverAuth is universally used, so I don't really want to
mandate it. id-kp-clientAuth alone is actually already rejected by
OpenSSL, so no need for that separately in tls_openssl.c.

> >Would it be possible to get the MIT SECURE server certificate that hits
> >this new constraint on id-kp-clientAuth being present? This would be
> >useful for further discussion on possible spec changes/clarifications.
> Can I extract it from wpa_supplicant?  (I don’t have any kind of
> special access to the servers.  All that MIT provides is these
> fingerprints: http://kb.mit.edu/confluence/x/YgAwB .)

You can extract the server certificate with a connection to probe for
such information. For example, in wpa_cli:

set_network 0 ssid "your ssid"
set_network 0 key_mgmt WPA-EAP
set_network 0 eap TTLS
set_network 0 identity "probe"
set_network 0 ca_cert "probe://"
select_network 0
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FI/O=w1.fi/CN=server.w1.fi' cert=30820295308201....

There's going to be number of CTRL-EVENT-EAP-PEER-CERT events listed
here. I'm most interested in the one with depth=0 and cert=<hexdump>
value which is the hexdump of the DER encoding X.509 certificate of the
authentication server. Anyway, if you can send all those
CTRL-EVENT-EAP-PEER-CERT events, that would give even better picture by
including all the CA certificates.

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list