Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why does smtp-server.pl return the same cert multiple times #73

Open
jetmore opened this issue Dec 1, 2023 · 0 comments
Open

Why does smtp-server.pl return the same cert multiple times #73

jetmore opened this issue Dec 1, 2023 · 0 comments
Milestone
backlog

Comments

@jetmore
Copy link
Owner

jetmore commented Dec 1, 2023

See test _exec-transactions/00200. smtp-server.pl is using the default cert, which is node.example.com.key/.crt

That test runs (more or less):

../../swaks --to user@host1.nodns.test.swaks.net --from recip@host1.nodns.test.swaks.net --helo hserver   --tls   --pipe '../server/smtp-server.pl --silent --domain pipe   part-0000-connect-standard.txt   part-0101-ehlo-all.txt   part-0200-starttls-basic.txt   part-0101-ehlo-all.txt   part-1000-mail-basic.txt   part-1100-rcpt-basic-accept.txt   part-2500-data-accept-basic.txt   part-3000-shutdown-accept.txt   '

And the peer certs are reported as

=== TLS peer[0]   DN="/C=US/ST=Indiana/O=Swaks Development (node.example.com, with-SAN)/CN=node.example.com/emailAddress=proj-swaks@jetmore.net"
===               notBefore=2023-11-03T14:50:10Z
===               notAfter=2033-09-11T14:50:10Z
===               subjectAltName=[ DNS:node.example.com ]
===               commonName=node.example.com
=== TLS peer[1]   DN="/C=US/ST=Indiana/O=Swaks Development (node.example.com, with-SAN)/CN=node.example.com/emailAddress=proj-swaks@jetmore.net"
===               notBefore=2023-11-03T14:50:10Z
===               notAfter=2033-09-11T14:50:10Z
===               subjectAltName=[ DNS:node.example.com ]
===               commonName=node.example.com
=== TLS peer[2]   DN="/C=US/ST=Indiana/O=Swaks Development (node.example.com, with-SAN)/CN=node.example.com/emailAddress=proj-swaks@jetmore.net"
===               notBefore=2023-11-03T14:50:10Z
===               notAfter=2033-09-11T14:50:10Z
===               subjectAltName=[ DNS:node.example.com ]
===               commonName=node.example.com

When I spin up smtp-server.pl on tcp and hit it with s_client, it also reports the same cert multiple times:

../server/smtp-server.pl --domain inet   part-0000-connect-standard.txt   part-0101-ehlo-all.txt   part-0200-starttls-basic.txt   part-0101-ehlo-all.txt   part-1000-mail-basic.txt   part-1100-rcpt-basic-accept.txt   part-2500-data-accept-basic.txt   part-3000-shutdown-accept.txt

openssl s_client -host 127.0.0.1 -port 11111 -starttls smtp

Connecting to 127.0.0.1
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C=US, ST=Indiana, O=Swaks Development (node.example.com, with-SAN), CN=node.example.com, emailAddress=proj-swaks@jetmore.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C=US, ST=Indiana, O=Swaks Development (node.example.com, with-SAN), CN=node.example.com, emailAddress=proj-swaks@jetmore.net
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C=US, ST=Indiana, O=Swaks Development (node.example.com, with-SAN), CN=node.example.com, emailAddress=proj-swaks@jetmore.net
verify return:1

Given that, I see this as an issue w/ smtp-server.pl, not with swaks, so I'm creating this issue and dropping it into the backlog. My logic is that swaks is actually correct - as a test tool,, if the peer is returning the same cert 3 times, I want to know that. But my preference is that most tests work as expected (one cert), with only one or two "does it report the same cert multiple times when presented multiple times" tests
@jetmore jetmore added this to the backlog milestone Dec 1, 2023
jetmore added a commit that referenced this issue Dec 1, 2023
@jetmore
test suite output changes, merge back
b7f4d20 
Note that many of these have multiple copies of the same cert.  I think this is an issue w/ smtp-server.pl, not swaks.  See #73
jetmore added a commit that referenced this issue Dec 1, 2023
@jetmore
report on entire peer chain in TLS transaction debug, not just the en…
589eaee 
…d cert

Note that many of the tests have multiple copies of the same cert in their output.  I think this is an issue w/ smtp-server.pl, not swaks.  See #73
jetmore added a commit that referenced this issue Dec 1, 2023
@jetmore
report on entire peer chain in TLS transaction debug, not just the en…
662e45c 
…d cert

Note that many of the tests have multiple copies of the same cert in their output.  I think this is an issue w/ smtp-server.pl, not swaks.  See #73
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
backlog
Development

No branches or pull requests
1 participant
@jetmore