On Thu, Dec 19, 2019 at 09:34:49AM +0100, Max-Julian Pogner wrote:
> For a particular connection, I always received the error message
> "Server certificate not verified". client was postfix, server was
> postfix. Both as distributed by debian stretch, version
> 3.1.12-0+deb9u1.
> I was using the following settings on the smtp-postfix:
> relayhost=[localhost]:24
> smtp_tls_security_level=fingerprint
> smtp_tls_fingerprint_digest=sha1
> smtp_tls_fingerprint_cert_match=
> <value exactly matching the "pkey" remote fingerprint
> shown with smtp_tls_loglevel=2>
There's no reason to hide the fingerprint, it is likely NOT an exact
match. You should test with "posttls-finger -d sha1 ..."
> I couldn't quite figure out what might be the cause from reading the
> documentation nor searching "the web". Investigating the source code,
> I now think to have found the cause: file src/smtp/smtp_proto.c near
> line 1130 is using TLS_MUST_MATCH (defined in tls/tls.h near line 54)
> which is just a "level>TLS_LEV_ENCRYPT". This causes the "fingerprint"
> security level to verify the peername in addition to the cert or pkey
> fingerprint.
That's not the case. It causes a peer identity check, but the identity
in question is the fingerprint, the name is ignored.
> In my setup, the certificate used by the smtpd-postfix did not include
> "localhost" as subjAltName (nor as commonName) and therefore the
> smtp-postfix did report the error "Server certificate not verified".
That's not the reason if the security level was indeed fingerprint.
> Particular the formulation in the documentation similar to the one in
> file man/man5/postconf.5 near line 8136 "the server certificate is
> verified by directly matching its certificate fingerprint" was
> interpreted by me to mean, that the peername was _not_ checked.
Yes, and that's what Postfix does.
> a) someone can adjust the source-code so that security_level=fingerprint
> does only check the fingerprint and not the peername? -- i think that's
> the better solution.
No adjustment required, the code already functions as documented.
> b) or, i should send in a PATCH for the documentation, editing file
> proto/postconf.5 accordingly, in order to help others scratching their
> heads of the same questions?
No patches required, the code already functions as documented.
$ posttls-finger -cd sha1 -l fingerprint "[smtp.dukhovni.org]"
98:40:01:98:0F:75:58:35:92:3B:07:94:CF:58:B9:FA:99:C5:06:F5
posttls-finger: smtp.dukhovni.org[2001:470:1f06:167::2]:25: depth=0 matched
end entity public-key sha1
digest=98:40:01:98:0F:75:58:35:92:3B:07:94:CF:58:B9:FA:99:C5:06:F5
posttls-finger: smtp.dukhovni.org[2001:470:1f06:167::2]:25 CommonName
mournblade.imrryr.org
posttls-finger: smtp.dukhovni.org[2001:470:1f06:167::2]:25:
subject_CN=mournblade.imrryr.org, issuer_CN=mournblade.imrryr.org,
fingerprint=DF:53:67:E7:87:D8:4E:9A:FF:34:A2:92:36:F8:15:1F:2F:15:82:1B,
pkey_fingerprint=98:40:01:98:0F:75:58:35:92:3B:07:94:CF:58:B9:FA:99:C5:06:F5
posttls-finger: Verified TLS connection established to
smtp.dukhovni.org[2001:470:1f06:167::2]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature
RSA-PSS (2048 bits) server-digest SHA256
Presto-magic successful fingerprint authentication, despite a mismatched
hostname. Tested with:
$ postconf mail_version
mail_version = 3.4.8
--
Viktor.
