OpenSSL "wrong curve" error on OpenVPN 2.4.8


I am trying to update our openvpn server to 2.4.8 to take advantage of the larger listen() backlog queue. However, we are seeing the following error:

Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 VERIFY OK: depth=4, C=US, ST=CA, L=Los Angeles, O=XXXXX, OU=Dev, CN=DevEnvironmentL1RootCA
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 VERIFY OK: depth=3, C=US, ST=CA, L=Los Angeles, CN=DevEnvironmentL2IntermediateCA, O=XXXXX Inc.
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 VERIFY OK: depth=2, ST=CA, CN=DevEnvironmentL3IssuingCA, C=US, L=Los Angeles, O=XXXXX Inc.
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 VERIFY OK: depth=1, C=US, ST=CA, L=Los Angeles, O=XXXXX, CN=org338.XXXXX.com
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 VERIFY OK: depth=0, C=US, ST=CA, L=Los Angeles, O=OPHQ, OU=Q, CN=acu212.org338.dev.XXXXX.local
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 OpenSSL: error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 TLS_ERROR: BIO read tls_read_plaintext error
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 TLS Error: TLS object -> incoming plaintext read error
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 TLS Error: TLS handshake failed
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 Fatal TLS error (check_tls_errors_co), restarting
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:56176 SIGUSR1[soft,tls-error] received, client-instance restarting
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 VERIFY OK: depth=4, C=US, ST=CA, L=Los Angeles, O=XXXXX, OU=Dev, CN=DevEnvironmentL1RootCA
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 VERIFY OK: depth=3, C=US, ST=CA, L=Los Angeles, CN=DevEnvironmentL2IntermediateCA, O=XXXXX Inc.
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 VERIFY OK: depth=2, ST=CA, CN=DevEnvironmentL3IssuingCA, C=US, L=Los Angeles, O=XXXXX Inc.
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 VERIFY OK: depth=1, C=US, ST=CA, L=Los Angeles, O=XXXXX, CN=org343.XXXXX.com
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 VERIFY OK: depth=0, C=US, ST=CA, L=Los Angeles, O=OPHQ, OU=Q, CN=acu33.org343.dev.XXXXX.local
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 OpenSSL: error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 TLS_ERROR: BIO read tls_read_plaintext error
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 TLS Error: TLS object -> incoming plaintext read error
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 TLS Error: TLS handshake failed
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 Fatal TLS error (check_tls_errors_co), restarting
Mar  6 00:18:06 nebula ovpn-nebula[8220]: 1.1.1.1:45484 SIGUSR1[soft,tls-error] received, client-instance restarting

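The certificate chain includes both ECDSA (with the prime256v1 curve) and RSA keys and certificates.

When we downgrade it to openvpn 2.4.7 or any earlier version, we do not see any errors.

The dynamically linked libraries for 2.4.7 and 2.4.8 look identical:

For 2.4.7: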

$ ldd /usr/sbin/openvpn
    linux-vdso.so.1 (0x00007ffcce786000)
    liblzo2.so.2 => /lib/x86_64-linux-gnu/liblzo2.so.2 (0x00007ff8dd406000)
    liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007ff8dd1ea000)
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007ff8dcfcb000)
    libpkcs11-helper.so.1 => /usr/lib/x86_64-linux-gnu/libpkcs11-helper.so.1 (0x00007ff8dcdb0000)
    libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007ff8dc8e5000)
    libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007ff8dc658000)
    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007ff8dc3d4000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ff8dc1d0000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ff8dbddf000)
    /lib64/ld-linux-x86-64.so.2 (0x00007ff8dd8ed000)
    librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007ff8dbbd7000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007ff8db9b1000)
    libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007ff8db695000)
    libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007ff8db480000)

For 2.4.8:

$ ldd /usr/sbin/openvpn
    linux-vdso.so.1 (0x00007ffe33adf000)
    liblzo2.so.2 => /lib/x86_64-linux-gnu/liblzo2.so.2 (0x00007f272d11b000)
    liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f272ceff000)
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f272cce0000)
    libpkcs11-helper.so.1 => /usr/lib/x86_64-linux-gnu/libpkcs11-helper.so.1 (0x00007f272cac5000)
    libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f272c5fa000)
    libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f272c36d000)
    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f272c0e9000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f272bee5000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f272baf4000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f272d602000)
    librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f272b8ec000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f272b6c6000)
    libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f272b3aa000)
    libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f272b195000)

Sample server certificate:

openssl x509 -in crt.pem  -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            aa:ae:4c:ea:bc:48:5b:18:f8:c6:cd:6a:f1:07:2f:61
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C = US, ST = CA, L = Los Angeles, O = XXXXX, CN = sandboxEnvironmentL3IssuingCA
        Validity
            Not Before: Aug 20 00:06:35 2018 GMT
            Not After : Aug 18 00:06:35 2028 GMT
        Subject: C = US, ST = CA, L = LA, O = OP, OU = G, CN = nebula.sandbox.XXXXX.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:86:b6:99:9b:70:fb:d2:51:5f:4c:f2:d3:f3:cd:
                    e9:f9:d3:33:a3:b9:d4:5d:cc:0d:05:8d:c0:ff:9f:
                    70:fa:ec:c8:a3:e7:0d:1a:d1:5f:24:f3:5f:98:87:
                    43:c7:68:64:00:9d:14:12:a6:2f:87:44:3a:64:59:
                    60:8d:fe:da:52
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.sandbox.XXXX.com/c5e53bbd2876e2b94a66b325ce095c2b.crl

            X509v3 Subject Alternative Name: critical
                DNS:nebula.sandbox.XXXXX.com
    Signature Algorithm: ecdsa-with-SHA384
         30:64:02:30:5a:77:b9:87:2f:5b:55:e1:76:f5:7d:94:67:d6:
         d8:8f:57:5c:f8:43:97:03:a7:11:2b:be:76:3c:1f:20:01:75:
         c6:3a:ae:8e:db:29:c2:fa:f4:07:37:51:95:dd:2b:42:02:30:
         21:59:34:ca:87:35:7e:88:39:40:eb:43:50:9c:d3:1c:8d:c5:
         22:88:c4:de:b4:0a:80:48:82:d9:c9:0e:34:95:62:2d:64:42:
         6e:29:cc:54:6a:0f:12:10:24:39:ea:b7

Sample client certificate:

$ openssl x509 -in crt.pem  -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a1:52:3a:0b:29:72:8b:43:68:b2:10:8e:35:c8:15:91
    Signature Algorithm: ecdsa-with-SHA384
        Issuer: C = US, ST = CA, L = Los Angeles, O = XXXX, CN = org302.XXXXX.com
        Validity
            Not Before: Oct 27 22:49:40 2019 GMT
            Not After : Nov 16 22:49:40 2021 GMT
        Subject: C = US, ST = CA, L = Los Angeles, O = OPHQ, OU = Q, CN = xxx443.org302.XXXX.local
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:2f:9e:6e:e5:b4:62:a3:fa:57:4c:15:dd:ac:08:
                    bd:eb:fb:1c:36:09:af:f0:5c:69:2d:9d:b3:a1:61:
                    59:6d:f8:8e:09:a0:72:e5:12:54:33:db:2a:fe:1b:
                    c0:5e:24:b8:20:92:07:d1:8d:6f:3a:73:6d:56:de:
                    b6:2f:03:5a:1e
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.prod.XXXX.com/c49c8c7872647cd6ee67d30f19341a68.crl

            X509v3 Subject Alternative Name: critical
                DNS:xxx443.org302.XXX.local, DNS:*.xxx443.org302.XXXX.local
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
    Signature Algorithm: ecdsa-with-SHA384
         30:65:02:31:00:9a:81:c4:e1:c5:38:48:94:89:a9:c1:96:93:
         1e:57:75:18:5b:04:ed:c9:c8:41:a4:a4:d5:ee:3a:36:98:fc:
         af:15:09:d4:b8:a3:be:2b:61:00:b2:55:1a:77:46:32:4d:02:
         30:45:63:43:9f:f8:f8:72:e0:f6:94:c8:10:1b:ac:aa:9c:22:
         62:00:0b:14:16:6e:20:1a:cd:1c:a2:c3:85:d7:6d:b8:ff:c0:
         d5:93:0e:87:a2:1f:d9:99:48:eb:83:6b:31

Answer 1

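This is not an OpenVPN issue, but an OpenSSL issue (and arguably, it is not even an issue in OpenSSL, more of a decision to stop supporting a bad idea). I think this issue covers it best, and it basically boils down to "stop using explicit curve parameters in your certificates; they were never a good idea and we're not going to support them anymore".

As for why you are seeing these with OpenVPN 2.4.8 and not with earlier versions, my guess (which is all that is possible, since you do not provide enough information to tell for sure) is that your earlier version of OpenVPN was built against OpenSSL 1.0.2, which does (try to) support explicit parameters, while support for them was dropped in the 1.1.0 series.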
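One way to check a certificate for the explicit curve parameters the answer refers to, as an added example that is not part of the original question or answer: a small DER walk that reports whether the EC public key names its curve by OID or spells the parameters out. The function names and the two sample certificates are constructed for illustration (dummy key bytes, empty names, abbreviated ECParameters).

```python
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
P256 = bytes.fromhex("2a8648ce3d030107")             # OID 1.2.840.10045.3.1.7, prime256v1

def read_tlv(buf, pos=0):                  # -> (tag, value, end) of the element at pos
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def spki_from_cert(cert_der):              # Certificate -> tbsCertificate -> SPKI element
    tbs = read_tlv(read_tlv(cert_der)[1])[1]
    pos = read_tlv(tbs)[2] if tbs[0] == 0xA0 else 0   # skip the optional [0] version
    for _ in range(5):                     # serial, signature, issuer, validity, subject
        pos = read_tlv(tbs, pos)[2]
    return tbs[pos:read_tlv(tbs, pos)[2]]

def ec_param_encoding(spki_der):           # classify the ECParameters CHOICE
    alg = read_tlv(read_tlv(spki_der)[1])[1]          # AlgorithmIdentifier contents
    tag, oid, pos = read_tlv(alg)
    if tag != 0x06 or oid != ID_EC_PUBLIC_KEY:
        return "not-ec"
    tag, params, _ = read_tlv(alg, pos)
    if tag == 0x06:                        # OBJECT IDENTIFIER means namedCurve
        return "named:" + ("prime256v1" if params == P256 else params.hex())
    return {0x30: "explicit", 0x05: "implicit"}.get(tag, "unknown")

def der(tag, content):                     # minimal DER encoder, only for the samples
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_cert(params):                   # constructed skeleton, not a real certificate
    point = der(0x03, b"\x00\x04" + bytes(64))        # BIT STRING holding a dummy point
    spki = der(0x30, der(0x30, der(0x06, ID_EC_PUBLIC_KEY) + params) + point)
    sigalg = der(0x30, der(0x06, bytes.fromhex("2a8648ce3d040303")))  # ecdsa-with-SHA384
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sigalg
              + der(0x30, b"") * 3 + spki)            # empty issuer, validity, subject
    return der(0x30, tbs + sigalg + der(0x03, b"\x00"))

NAMED_CERT = sample_cert(der(0x06, P256))
EXPLICIT_CERT = sample_cert(der(0x30, der(0x02, b"\x01")))   # abbreviated ECParameters
for name, cert in (("named", NAMED_CERT), ("explicit", EXPLICIT_CERT)):
    print(name, "sample ->", ec_param_encoding(spki_from_cert(cert)))
```

For a real certificate, pass the DER bytes (for instance the output of `openssl x509 -in crt.pem -outform DER`) to `spki_from_cert` and classify the result.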
