From 5ee4efa0bc70921ea1a714de4f0b88c901fe5632 Mon Sep 17 00:00:00 2001 From: Christos Tsantilas Date: Wed, 5 Jan 2022 12:39:20 -0500 Subject: [PATCH] Preserve configured order of intermediate CA certificate chain https_port ... tls-cert=signing,itsIssuer,itsIssuerIssuer.pem The order was reversed in commit cf48712, probably by accident. Wrong order violates TLS protocol and breaks TLS clients that are incapable of reordering received intermediate CAs. Squid deployments that use wrong-order bundles (to compensate for this bug) should reorder their bundles when deploying this fix (or wait for Squid to order certificates correctly, regardless of the bundle order -- a work in progress). OpenSSL sends the signing certificate first. After that, OpenSSL sends certificates in the order they are stored in the chain, so we must push them in on-the-wire order, as defined by RFC 8446 Section 4.4.2: "The sender's certificate MUST come in the first CertificateEntry in the list. Each following certificate SHOULD directly certify the one immediately preceding it." --- src/security/KeyData.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/KeyData.cc b/src/security/KeyData.cc index 0755c954856..cc51c6c8474 100644 --- a/src/security/KeyData.cc +++ b/src/security/KeyData.cc @@ -124,7 +124,7 @@ Security::KeyData::loadX509ChainFromFile() // OpenSSL API requires that we order certificates such that the // chain can be appended directly into the on-wire traffic. latestCert = CertPointer(ca); - chain.emplace_front(latestCert); + chain.emplace_back(latestCert); } else { debugs(83, DBG_PARSE_NOTE(2), certFile << ": Ignoring non-issuer CA " << nameStr << ": " << X509_verify_cert_error_string(checkCode) << " (" << checkCode << ")"); }
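Review bot: the comment just above the changed line ("OpenSSL API requires that we order certificates such that the chain can be appended directly into the on-wire traffic") was written when the chain was built with emplace_front and no longer explains why emplace_back is right; it should state that the chain now keeps the bundle's configured order (signing certificate, then its issuer, then that issuer's issuer) so that it matches the RFC 8446 Section 4.4.2 ordering the commit message cites, otherwise a later reader may reintroduce the reversal. Two follow-ups worth recording in the same change: the code path shown still only checks that each candidate is an issuer before appending and does no reordering, so the tls-cert= documentation and release notes should say explicitly that bundles reversed to compensate for the old behaviour must be flipped back; and a certificate that fails that issuer check falls into the else branch and is dropped with only a level-2 parse note ("Ignoring non-issuer CA ..."), which is easy to miss, so a regression test that loads a three-certificate bundle and asserts the resulting chain order would guard against both a silent drop and a future swap back to emplace_front.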