[tls] received overlength Handshake - GoDaddy certs
2018-12-14, 15:33
Hey,

we are using iPXE to chainload from HTTPS which works fine in most cases but fails with GoDaddy certificates.

Steps to reproduce:
  • clone latest ipxe git repo
  • enable DOWNLOAD_PROTO_HTTPS in general.h and maybe adjust other defines for your needs
  • Download GoDaddy CA and intermediate cert: https://certs.godaddy.com/repository/gdroot-g2.crt and https://certs.godaddy.com/repository/gdig2.crt.pem
  • embedded script:
    Code:
    #!ipxe
    dhcp
    chain https://www.godaddy.com/
    (I know there is nothing to chainload there but it's just an example for a domain using a GoDaddy cert)
  • make bin/undionly.kpxe EMBED=chain DEBUG=tls TRUST=/path/to/gdroot-g2.crt,/path/to/gdig2.crt.pem

Now booting this fails with "Invalid argument (http://ipxe.org/1c0de802)". When disabling some of the debug dump output (src/net/tls.c line 1810) I see the last message to show TLS ... received overlength Handshake.

If I comment/skip the "return -EINVAL_HANDSHAKE" in line 1811 it proceeds but fails on TLS ... overlength certificate (src/net/tls.c line 1591) this time.

Seems like len/remaining variable is set to 4096 (iob_len) and that truncates the long (5286 bytes) SSL handshake record / certificate.

I have looked through the code a bit but I am afraid I will break things when I play with io buffer length stuff. Does anyone have an idea?

Thanks in advance,
Sebastian
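
An added example (not part of the post above and not iPXE's code) of the kind of length check that yields an "overlength" result: a TLS handshake message declares a 24-bit body length, and a parser that can only see 4096 bytes of a 5286-byte Certificate message finds the declared length larger than what remains. It assumes 5286 is the handshake body length and 4096 the bytes visible to the parser; all function and constant names are hypothetical and the message body is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HS_CERTIFICATE 11    /* TLS handshake type: Certificate */
#define BUF_LIMIT      4096  /* bytes visible to the parser (from the post) */
#define CERT_MSG_LEN   5286  /* assumed handshake body length (from the post) */

enum hs_status { HS_OK = 0, HS_UNDERLENGTH = -1, HS_OVERLENGTH = -2 };

/* Walk handshake messages in data[0..len): 1-byte type, 3-byte big-endian
 * length, then body. On HS_OVERLENGTH, report what mismatched. */
enum hs_status walk_handshake(const uint8_t *data, size_t len,
                              size_t *declared, size_t *remaining)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 4)
            return HS_UNDERLENGTH;
        size_t body = ((size_t)data[off + 1] << 16) |
                      ((size_t)data[off + 2] << 8) | data[off + 3];
        size_t left = len - off - 4;
        if (body > left) {
            *declared = body;
            *remaining = left;
            return HS_OVERLENGTH;
        }
        off += 4 + body;
    }
    return HS_OK;
}

/* Constructed Certificate message (all-zero body); parse its first
 * `visible` bytes only, as a parser limited to one buffer would. */
enum hs_status parse_visible(size_t visible, size_t *declared, size_t *remaining)
{
    static uint8_t msg[4 + CERT_MSG_LEN] = { HS_CERTIFICATE,
        (CERT_MSG_LEN >> 16) & 0xff, (CERT_MSG_LEN >> 8) & 0xff,
        CERT_MSG_LEN & 0xff };
    *declared = *remaining = 0;
    return walk_handshake(msg, visible > sizeof msg ? sizeof msg : visible,
                          declared, remaining);
}

int main(void)
{
    size_t d, r;
    printf("4096 visible: %d\n", parse_visible(BUF_LIMIT, &d, &r));
    printf("declared=%zu remaining=%zu\n", d, r);
    printf("all visible:  %d\n", parse_visible(4 + CERT_MSG_LEN, &d, &r));
    return 0;
}
```

Skipping such a check instead of supplying the missing bytes leaves the parser reading past the data it actually holds, so the next length check downstream fails in the same way.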


Messages In This Thread
[tls] received overlength Handshake - GoDaddy certs - SebastianRoth - 2018-12-14 15:33


