Add expired-ocsp.badssl.com subdomain

[AGWA]

This subdomain sends an expired stapled OCSP response, which triggers an SSL error in Firefox (and soon in Chrome as well).

The OCSP response, certs/wildcard.expired-ocsp.der, was generated by running:

openssl ocsp -issuer certs/wildcard.issuer.pem -cert certs/wildcard.normal.pem -url http://ocsp.comodoca.com -noverify -respout certs/wildcard.expired-ocsp.der

where certs/wildcard.issuer.pem is a new file containing the certificate that issued certs/wildcard.normal.pem (i.e. the first intermediate certificate in the chain). http://ocsp.comodoca.com was taken from the OCSP field as output by openssl x509 -in certs/wildcard.normal.pem -noout -text.

certs/wildcard.expired-ocsp.der will need to be regenerated whenever wildcard.normal.pem is reissued.

Note that, at the time of this commit, certs/wildcard.expired-ocsp.der is not yet expired, but will expire on Jun 8, 2015 at 09:38:45 UTC. You may wish to defer merging this PR until this date passes.

[lgarron]

Thanks for the PR!
Would you mind making this work with cert-generator.sh so this can with the same testing root cert as the other subdomains?

Also, could you explain how I could make this work for a real badssl.com subdomain? I'd be even more interested in that.

[AGWA]

Would you mind making this work with cert-generator.sh so this can with the same testing root cert as the other subdomains?

I'll look into that. It may be tricky because it will require generating an OCSP response off of the testing intermediate, and the openssl ocsp command leaves a lot to be desired.

Also, could you explain how I could make this work for a real badssl.com subdomain? I'd be even more interested in that.

I think there was a misunderstanding - this is meant to work with the real *.badssl.com cert - the OCSP response I committed is signed by Comodo and is for the actual *.badssl.com cert in production.

My commit message was probably unclear about certs/wildcard.issuer.pem - it's the issuer cert of the real *.badssl.com cert. Strictly speaking it's redundant with the contents of certs/wildcard.normal.pem, but OpenSSL needs it to be in a file by itself to retrieve the OCSP response.

[lgarron]

I see. I haven't worked much with OCSP.

I that case, adding something to the script would be preferable – the cert generator should give you the intermediate.
If we're not dynamically updating anything or putting it in the cert generator script, does it serve any purpose to leave wildcard.issuer.pem in the repo?

In either case, I'll wait until the 8th to merge. Thanks for the explanation.

[AGWA]

I just amended the PR to:

1. Generate an expired OCSP response for the test CA. (It's a little hackish because I had to generate a temporary fake index.txt file, since you're not using openssl ca. This required giving the certs deterministic serial numbers.)
2. Remove wildcard.issuer.pem since there's no point having it in the repo.

[lgarron]

Excellent, thanks!

Deterministic serial numbers sound fine to me. @marumari: As official definite responsible authoritative OWNER for the cert generator, any objections?

If not, I'll merge this on the 9th.

[lgarron]

@AGWA I've tried a handful of times, but can't seem to get https://expired-ocsp.badssl.com/ to fail (in Firefox or Chrome). Am I missing something?

[AGWA]

@lgarron Hmmm... it's not serving up the stapled OCSP response. Do you see anything in the nginx error log about stapling?

[AGWA]

By the way, you can check for OCSP stapling by running:

openssl s_client -connect expired-ocsp.badssl.com:443 -servername expired-ocsp.badssl.com -status

If stapling is working, you'll see the string "OCSP Response Data" followed by a bunch of information. Otherwise, it will say "OCSP response: no response sent"

[lgarron]

This post leads me to suspect the same problem I had with TLSv1: it seems you have to specify OCSP stapling in the main server.

Also, I was able to get the expired OCSP response to be stapled, but I couldn't get Firefox Stable or Nightly to fail on it.

lgarron@lgarron-macbookpro ~> openssl s_client -connect expired-ocsp.badssl.com:443 -servername expired-ocsp.badssl.com -status
CONNECTED(00000003)
depth=2 /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: 90AF6A3A945A0BD890EA125673DF43B43A28DAE7
    Produced At: Jun  4 09:38:45 2015 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 7AE13EE8A0C42A2CB428CBE7A605461940E2A1E9
      Issuer Key Hash: 90AF6A3A945A0BD890EA125673DF43B43A28DAE7
      Serial Number: 2FEB1825187C1A5086407B44E5B785A5
    Cert Status: good
    This Update: Jun  4 09:38:45 2015 GMT
    Next Update: Jun  8 09:38:45 2015 GMT

    Signature Algorithm: sha256WithRSAEncryption
        5b:48:9f:56:93:7b:6c:dc:f5:19:19:d7:e9:1c:ad:a7:61:74:
        da:2a:69:7e:c6:1a:2d:fa:9c:e2:2c:66:73:d3:34:fe:56:11:
        05:a6:35:c1:df:34:9a:6d:2b:55:13:c1:45:0d:8e:e1:51:39:
        8b:d0:e4:dc:de:de:7c:55:b2:90:90:1d:b8:70:fd:d0:53:fd:
        93:67:8d:36:44:d4:ab:04:f9:23:0d:6f:0c:3c:4a:05:b4:33:
        95:c9:4f:f6:c8:03:7c:a7:73:2d:77:41:1f:24:82:f2:8f:db:
        1e:8b:b7:0f:17:94:42:1f:af:10:66:b2:73:bd:12:4a:b6:76:
        7b:1a:8f:6b:c5:22:56:c0:fc:71:66:b0:61:92:66:39:4d:41:
        50:4d:d1:ff:51:69:f5:d7:23:b0:87:d8:aa:22:8d:94:9a:4c:
        34:df:72:9b:d3:9b:a9:6e:46:4e:7c:64:9c:ba:f6:e5:9d:f2:
        42:68:fc:05:13:8d:22:56:a3:2f:7e:29:c6:69:f2:2c:80:e5:
        62:e1:03:f0:40:d2:8e:c6:88:00:3b:23:5c:b0:80:50:1d:8f:
        59:6d:ba:34:69:d6:a0:d0:5d:69:de:48:69:77:00:51:fa:8d:
        4a:38:d0:10:a5:52:9e:14:44:01:bc:86:19:27:39:7a:64:00:
        76:3a:02:4a
======================================
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.badssl.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgIQL+sYJRh8GlCGQHtE5beFpTANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xNTA0MDkwMDAwMDBaFw0xNjA3MDcyMzU5NTlaMFkxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2ls
ZGNhcmQxFTATBgNVBAMUDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2PmzA
S2BMTOqytMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3pmccYYz2QULFRtMWhyef
dOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CVSndrOfEk0TG23U3AxPxT
uW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqveww9H
dFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SYQCeF
xxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaOCAdUwggHRMB8GA1Ud
IwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSd7sF7gQs6R2lx
GH0RN5O8pRs/+zAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQIC
BzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAI
BgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCB
hQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2Nh
LmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIwYDVR0RBBww
GoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCL
OKyT4gZim9wO1SyRrLf+IhQ6kD4TSgCvUIr6uMOaGWvggcjAxQmXT94tqzg93kTC
3okAjahcXzQReWDFFdcD+etZ5hqDAg4FpG3mR994nDSmO5gaW9BpuSPb7zHRmkoQ
84x06Sk1M1QPlis/EiLHR8JoIz+psLKK0WkIiCSQVAnkN4R5VpaRuEQh8v5SuLXo
D8o5froZeVFHRAguE8joC8bwmiyGQqWvuNXC6Zq45Ydlo1Vyam+wZuQ/ODlRerrQ
5TXftG5lE/U32JzTqb3jDy3YTjGpTlujNxY5r5fKGaucTTBsMhnLlj+0Dr4TdE1r
GTh+vUk+sJO+zDDOthzt
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.badssl.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5699 bytes and written 339 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES128-SHA
    Session-ID: 5747570C61B0C8C4DAD91CA7215ED6CF0196C91C5066324AA42BED9A8B1C79CE
    Session-ID-ctx:
    Master-Key: 2297FEE66D739A03547620E10F5A6AFBF499FF82B944E88DA84026F358F5B06A2BC4E98D457688869113F468F53A5A57
    Key-Arg   : None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 30 9d 72 4e 52 fb 39 73-02 84 07 57 5c e9 3a fa   0.rNR.9s...W\.:.
    0010 - f8 f5 e6 70 e2 9b 17 0d-c9 28 56 aa 8e 09 de 41   ...p.....(V....A
    0020 - 6d ab d1 45 9e 35 b8 04-2d 9d 3a 73 4c 2f 27 98   m..E.5..-.:sL/'.
    0030 - 6e 58 f9 16 9d 63 c1 28-7c 30 5e d2 6d c7 3f 5a   nX...c.(|0^.m.?Z
    0040 - 1c f7 3b 6e ff 83 88 73-85 2b ed 19 91 d5 f8 5b   ..;n...s.+.....[
    0050 - 81 39 97 4d ea 92 2e 83-e4 5e 00 90 d4 f8 b7 d4   .9.M.....^......
    0060 - ac 91 d5 6a be aa 57 81-31 d2 89 33 fb 2a 23 3a   ...j..W.1..3.*#:
    0070 - 61 f1 32 1d 9a 81 c3 3b-73 f0 25 79 71 98 51 d3   a.2....;s.%yq.Q.
    0080 - 32 a0 35 c2 25 88 a9 26-b6 8d 71 91 4f d8 d6 43   2.5.%..&..q.O..C
    0090 - b6 32 cf a6 da 66 fd 63-88 03 35 46 c5 b3 d5 ca   .2...f.c..5F....
    00a0 - 5d 46 09 16 dd 61 f9 be-85 39 38 aa f4 6e 76 64   ]F...a...98..nvd
    00b0 - f3 bc f2 f1 9c 01 b3 88-16 63 f7 05 aa 0b eb 95   .........c......
    00c0 - 1b 2b 31 a3 66 96 d4 a5-85 13 59 bc c9 0d 8d 6d   .+1.f.....Y....m

    Start Time: 1434229825
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

[ghedo]

@AGWA Is there any news on this? I haven't tried your patch yet (merge conflicts), but let me know if any testing/help is needed.

It'd be nice to have an end-point that serves a revoked OCSP response as well.