From 89f8ddcf306c6587e14f7ed42afd19e20e8ef999 Mon Sep 17 00:00:00 2001
From: David Cooper <dcooper16@gmail.com>
Date: Wed, 2 May 2018 15:42:59 -0400
Subject: [PATCH] Fix some problems with CRL revocation checking

There are some circumstances in which check_revocation_crl() will incorrectly indicate that a CRL lists the server's certificate as revoked. #1046 is one of them. Another is any case in which the server's certificate cannot be validated using any of the certificates in the trust store that OpenSSL uses (e.g., the server's certificate was issued by a local CA). In both of these cases, "openssl verify" fails, for some reason other than "certificate revoked", and check_revocation_crl() assumes that any failure of "openssl verify" is the result of certificate revocation.

This PR addresses the problem in two ways. First, it adds the "-partial_chain" option to the "openssl verify" command line whenever $OPENSSL supports that option (it is not supported by LibreSSL or by versions of OpenSSL earlier than 1.0.2). This will fix most of the problems when a version of OpenSSL that supports "-partial_chain" is used.

Even if the "-partial_chain" option is provided, OpenSSL needs to have at least one CA certificate so that it can get the public key needed to verify the signatures on the server's certificate and on the CRL. So, if the server doesn't send any CA certificates and the server's certificate was not issued by a CA in the trust store, then the verify command will fail even if the "-partial_chain" option is provided.

So, as a fail-safe, this PR changes check_revocation_crl() to check the error message that the verify command provides when it fails so that testssl.sh only reports a certificate a revoked if the verify command fails with a reason of "certificate revoked".

Note that this PR also fixes two other minor issues. It incorporates #1047, which corrects a typo, and it redirects $OPENSSL's output on line 1479 in order to suppress any error messages that $OPENSSL might print (e.g., "WARNING: can't open config file").
---
 testssl.sh | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 3e7ca69..b8baaf0 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -318,6 +318,7 @@ HAS_NOSERVERNAME=false
 HAS_CIPHERSUITES=false
 HAS_COMP=false
 HAS_NO_COMP=false
+HAS_PARTIAL_CHAIN=false
 HAS_ALPN=false
 HAS_NPN=false
 HAS_FALLBACK_SCSV=false
@@ -1451,7 +1452,7 @@ check_revocation_crl() {
      local crl="$1"
      local jsonID="$2"
      local tmpfile=""
-     local scheme
+     local scheme retcode partial_chain=""
      local -i success
 
      "$PHONE_OUT" || return 0
@@ -1474,22 +1475,30 @@ check_revocation_crl() {
           return 1
      fi
      # -crl_download could be more elegant but is supported from 1.0.2 onwards only
-     $OPENSSL crl -inform DER -in "$tmpfile" -outform PEM -out "${tmpfile%%.crl}.pem"
+     $OPENSSL crl -inform DER -in "$tmpfile" -outform PEM -out "${tmpfile%%.crl}.pem" &> $ERRFILE
      if [[ $? -ne 0 ]]; then
           pr_warning "conversion of "$tmpfile" failed"
           fileout "$jsonID" "WARN" "conversion of CRL to PEM format failed"
           return 1
      fi
      cat $TEMPDIR/intermediatecerts.pem "${tmpfile%%.crl}.pem" >$TEMPDIR/${NODE}-${NODEIP}-CRL-chain.pem
-     $OPENSSL verify -crl_check -CAfile $TEMPDIR/${NODE}-${NODEIP}-CRL-chain.pem $TEMPDIR/host_certificate.pem &>$ERRFILE
+     # See https://github.com/drwetter/testssl.sh/pull/1051
+     "$HAS_PARTIAL_CHAIN" && partial_chain="-partial_chain"
+     $OPENSSL verify -crl_check $partial_chain -CAfile $TEMPDIR/${NODE}-${NODEIP}-CRL-chain.pem $TEMPDIR/host_certificate.pem &> "${tmpfile%%.crl}.err"
      if [[ $? -eq 0 ]]; then
           out ", "
           pr_svrty_good "not revoked"
           fileout "$jsonID" "OK" "not revoked"
      else
-          out ", "
-          pr_svrty_critical "revoked"
-          fileout "$jsonID" "CRITICAL" "revoked"
+          retcode=$(awk '/error [1-9][0-9]? at [0-9]+ depth lookup:/ { if (!found) {print $2; found=1} }' "${tmpfile%%.crl}.err")
+          if [[ "$retcode" == "23" ]]; then # see verify_retcode_helper() and https://github.com/drwetter/testssl.sh/pull/1051
+               out ", "
+               pr_svrty_critical "revoked"
+               fileout "$jsonID" "CRITICAL" "revoked"
+          elif [[ $DEBUG -ge 2 ]]; then
+               out " "
+               verify_retcode_helper "$retcode"
+          fi
      fi
      return 0
 }
@@ -6218,6 +6227,7 @@ verify_retcode_helper() {
 
      case $retcode in
           # codes from ./doc/apps/verify.pod | verify(1ssl)
+          44) tm_out "(different CRL scope)" ;;                  # X509_V_ERR_DIFFERENT_CRL_SCOPE
           26) tm_out "(unsupported certificate purpose)" ;;      # X509_V_ERR_INVALID_PURPOSE
           24) tm_out "(certificate unreadable)" ;;               # X509_V_ERR_INVALID_CA
           23) tm_out "(certificate revoked)" ;;                  # X509_V_ERR_CERT_REVOKED
@@ -15111,6 +15121,13 @@ find_openssl_binary() {
      $OPENSSL enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567  > /dev/null 2> /dev/null <<< "test"
      [[ $? -eq 0 ]] && HAS_AES256_GCM=true
 
+     $OPENSSL verify -partial_chain <<< "-----BEGIN CERTIFICATE-----
+MIGYMGYCAQEwCQYHKoZIzj0EATAAMB4XDTE4MDUwMjE5NDk1NVoXDTE4MDYwMTE5
+NDk1NVowADAyMBAGByqGSM49AgEGBSuBBAAGAx4ABIqtRNoHWKXwhKqS065E2p+0
+bGW4kYxYp8ON+FMwCQYHKoZIzj0EAQMjADAgAg4qMOUGcBYIn9OouAC6EwIODVw+
+r5TrwCZfR3CoB+k=
+-----END CERTIFICATE-----" 2>&1 | grep -aq "recognized usages" || HAS_PARTIAL_CHAIN=true
+
      if [[ "$OPENSSL_TIMEOUT" != "" ]]; then
           if type -p timeout >/dev/null 2>&1; then
                if ! "$do_mass_testing"; then