Bug 1166614

Summary: Enhance OpenSSL to discover alternative trust chains, ignoring unnecessary intermediates sent in TLS server handshakes
Product: [Fedora] Fedora Reporter: Kai Engert (:kaie) (inactive account) <kengert>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: evangelos, hkario, mitr, sforsber, sgallagh, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: openssl-1.0.1k-8.fc22 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-10 23:37:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Kai Engert (:kaie) (inactive account) 2014-11-21 11:15:54 UTC
At the time of filing this bug report, when constructing a chain to a trusted root CA certificate, OpenSSL will strictly insist on using the full set of intermediate CA certificates sent by the TLS server during the TLS handshake.

This implementation fails to work with server configurations, where the topmost intermediate CA points to a legacy CA certificate, once it gets removed from the CA trust store.

OpenSSL should attempt to find an alternative trust chain, starting with one of the "middle" intermediate CA certificate.

This strategy is being used by CAs to allow a transition to newer root CA certificates.

This should be an upstream enhancement. This bug is intended to act for tracking such enhancements in the OpenSSL project. At the time this enhancement gets implemented by OpenSSL and provided in Fedora, it could become possible to remove legacy CA certificates from the ca-certificates package.

Comment 1 Tomas Mraz 2014-11-21 12:45:18 UTC
Kai, will you fill the upstream ticket through the rt issue tracker, or should I do that myself?

Comment 2 Kai Engert (:kaie) (inactive account) 2014-11-21 16:23:17 UTC
I will file the upstream ticket very soon (probably Monday).

Comment 3 Kai Engert (:kaie) (inactive account) 2014-12-05 15:49:32 UTC
openssl upstream ticket:

Comment 4 Kai Engert (:kaie) (inactive account) 2014-12-17 21:41:49 UTC
(In reply to Kai Engert (:kaie) from comment #3)
> openssl upstream ticket:
> http://rt.openssl.org/Ticket/Display.html?id=3621

The above link only works when logged in, so better use the following link for reading the ticket:


Comment 6 Jaroslav Reznik 2015-03-03 16:31:48 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:

Comment 7 Kai Engert (:kaie) (inactive account) 2015-03-17 10:01:53 UTC

Can we upgrade Fedora 22 to OpenSSL 1.0.2 ?

The upstream patches to the verification code apply without conflicts on the OpenSSL 1.0.2 stable branch, and the test stream still completes.

Could we add this enhancement to Fedora 22 ?

Comment 8 Kai Engert (:kaie) (inactive account) 2015-03-17 10:05:09 UTC
(In reply to Kai Engert (:kaie) from comment #7)
> the test stream still completes.

the test "SUITE"

Comment 9 Tomas Mraz 2015-03-17 10:39:18 UTC
I don't think we will update openssl to 1.0.2 on F22. We might backport the patches though.

Comment 10 Kai Engert (:kaie) (inactive account) 2015-03-17 10:51:02 UTC
It seems difficult to merge the patches to 1.0.1

I've tried, and while I initially succeeded, the test suite had failed. The parts of the test suite that returned certificate verification results returned different error reasons than expected.

I'm worried that merging to 1.0.1 would require to backport many additional patches to the 1.0.1 branch from the last 2-3 years.

Comment 11 Tomas Mraz 2015-03-17 11:03:00 UTC
I'll investigate first what the needed additional backported changes would be. Only if they would be too intrusive I would reconsider the update to 1.0.2.

Comment 12 Kai Engert (:kaie) (inactive account) 2015-04-16 15:08:35 UTC
(In reply to Tomas Mraz from comment #11)
> I'll investigate first what the needed additional backported changes would
> be. Only if they would be too intrusive I would reconsider the update to
> 1.0.2.

Have you been able to investigate yet?

Comment 13 Tomas Mraz 2015-04-16 15:53:26 UTC
I'm currently working on 1.0.2 rebase in rawhide. After that I want to look at this backport.

Comment 14 Kai Engert (:kaie) (inactive account) 2015-04-16 16:12:24 UTC
Great, thanks for the update!

Comment 15 Kai Engert (:kaie) (inactive account) 2015-04-21 10:38:35 UTC
I've been told that openssl merged the feature into the 1.0.2 branch.
See the commits from April 20:

Comment 16 Fedora Update System 2015-04-30 15:09:07 UTC
openssl-1.0.1k-8.fc22 has been submitted as an update for Fedora 22.

Comment 17 Fedora Update System 2015-05-01 16:40:13 UTC
Package openssl-1.0.1k-8.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssl-1.0.1k-8.fc22'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 18 Fedora Update System 2015-05-10 23:37:34 UTC
openssl-1.0.1k-8.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.