'Re: SNI problem'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: SNI problem
From:       Viktor Dukhovni <postfix-users () dukhovni ! org>
Date:       2020-06-09 17:07:16
Message-ID: 20200609170716.GV48101 () straasha ! imrryr ! org
[Download RAW message or body]

On Wed, May 27, 2020 at 12:40:25AM +0200, Ján Máté wrote:

> The error is "SNI data for smtp.myserver.eu does not match next
> certificate" even if I am 100% sure that the key+cert+chain is OK,
> because I use the same key+cert+chain (loaded from same files) for the
> smtpd_tls_chain_files (and there it works).

This is the symptom, the cause is indicated by the message one logged
next to it.

> /etc/postfix/main.cf:
> tls_server_sni_maps = hash:/etc/postfix/table_hash-tls_server_sni_maps
> smtpd_tls_chain_files =
> /etc/letsencrypt/live/eu.server.smtp/privkey.pem
> /etc/letsencrypt/live/eu.server.smtp/fullchain.pem
> 
> /etc/postfix/table_hash-tls_server_sni_maps
> smtp.myserver.eu /etc/letsencrypt/live/eu.myserver.smtp/privkey.pem \
> /etc/letsencrypt/live/eu.myserver.smtp/fullchain.pem smtp.myserver2.eu \
> /etc/letsencrypt/live/eu.myserver2.smtp/privkey.pem \
> /etc/letsencrypt/live/eu.myserver2.smtp/fullchain.pem

I just tested with:

    main.cf:
        smtpd_tls_loglevel = 1
        smtpd_tls_security_level = may
        smtpd_tls_chain_files =
                ${config_directory}/ee1pkey.pem
                ${config_directory}/ee1cert.pem
                ${config_directory}/cacert.pem
        tls_server_sni_maps = hash:${config_directory}/sni

    sni
        mx1.example.com
            .../ee1pkey.pem
            .../ee1cert.pem
            .../cacert.pem
        mx2.example.com
            .../ee2pkey.pem
            .../ee2cert.pem
            .../cacert.pem

My logs below...

> May 26 22:38:58 myserver postfix/smtpd[72379]: maps_file_find: tls_server_sni_maps: \
> hash:/etc/postfix/table_hash-tls_server_sni_maps(0,lock|fold_fix|src_rhs_is_file): \
> smtp.myserver.eu <http://smtp.myserver.eu/> = \
> LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9J...
> 

You generally don't want to log this data (your log level is too high),
and should not publish it, it is liable to reveal part of your private
key, though luckily, in this case, only some of the fixed header bits
and none of the key material.

> May 26 22:38:58 myserver postfix/smtpd[72379]: warning: key at index 1 in SNI data \
>                 for smtp.myserver.eu does not match next certificate
> May 26 22:38:58 myserver postfix/smtpd[72379]: warning: TLS library problem: \
> error:1426D121:SSL routines:ssl_set_cert_and_key:not replacing \
> certificate:../ssl/ssl_rsa.c:1107:

The second message is the real problem, OpenSSL believes it already has
a certificate loaded for that algorithm, which should not be the case.
The new key then does not match the already installed certificate.  But
there shouldn't be one already loaded.

> May 26 22:38:58 myserver postfix/smtpd[72379]: warning: error loading private keys \
> and certificates from: SNI data for smtp.myserver.eu: aborting TLS handshake

And so things go wrong.  On the other hand, my logs show:

    postfix/postfix-script[95733]: starting the Postfix mail system
    postfix/master[95735]: daemon started -- version 3.6-20200511, configuration \
/var/tmp/postfix/etc

    -- No SNI servername used
    postfix/smtpd[95756]: connect from localhost[127.0.0.1]
    postfix/smtpd[95756]: Anonymous TLS connection established from \
localhost[127.0.0.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) \
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256  \
postfix/smtpd[95756]: disconnect from localhost[127.0.0.1] ehlo=1 starttls=1 quit=1 \
commands=3

    -- SNI servername: mx1.example.com
    postfix/smtpd[95756]: connect from localhost[127.0.0.1]
    postfix/smtpd[95756]: Anonymous TLS connection established from \
localhost[127.0.0.1] to mx1.example.com: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 \
(256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest \
SHA256  postfix/smtpd[95756]: disconnect from localhost[127.0.0.1] ehlo=1 starttls=1 \
quit=1 commands=3

    -- SNI servername: mx2.example.com
    postfix/smtpd[95756]: connect from localhost[127.0.0.1]
    postfix/smtpd[95756]: Anonymous TLS connection established from \
localhost[127.0.0.1] to mx2.example.com: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 \
(256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest \
SHA256  postfix/smtpd[95756]: disconnect from localhost[127.0.0.1] ehlo=1 starttls=1 \
quit=1 commands=3

> In short: if a connection from the client is performed without SNI (or
> SNI hostname not present in the tls_server_sni_maps) then everything
> works as expected (key+cert+chain from smtpd_tls_chain_files is used),
> but if I connect using a valid SNI hostname (the new
> tls_server_sni_maps is used) then the same key+cert+chain not works.

It seems that somehow, a certificate of the same type is already loaded
into the SSL handle under construction.  It is unclear how that
happened.

> postmap -Fq smtp.myserver.eu hash:/etc/postfix/table_hash-tls_server_sni_maps
> 
> returns the correct key+cert+chain:
> 
> -----BEGIN PRIVATE KEY-----
> ...
> ... here is the private key for smtp.myserver.eu
> ...
> -----END PRIVATE KEY-----
> -----BEGIN CERTIFICATE-----
> ...
> ... here is the certificate for smtp.myserver.eu
> ...
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> ...
> ... here is the certificate for intermediate CA 
> ...
> -----END CERTIFICATE-----

That seems reasonable, is there anything in your system-wide openssl.cnf
file that looks like a default certificate chain that might be preloaded
into each new SSL_CTX?

-- 
    Viktor.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic