[Bug]: Unable to verify leaf signature with TLS connection

[kylecarbs]

Preflight Checklist

• I have read the Contributing Guidelines for this project.
• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for a bug report that matches the one I want to file, without success.

Electron Version

v25.0.0

What operating system are you using?

Windows

Operating System Version

Windows 10 19045.2965

What arch are you using?

x64

Last Known Working Electron version

No response

Expected Behavior

Using a self-signed certificate to create a TLS connection with a custom CA when running Electron as NodeJS successfully performs the request without error.

Actual Behavior

The request fails with the following stacktrace:

Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
    at TLSSocket.emit (node:events:513:28)
    at TLSSocket._finishInit (node:_tls_wrap:959:8)
    at ssl.onhandshakedone (node:_tls_wrap:743:12) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE

Testcase Gist URL

https://gist.github.com/kylecarbs/3eeb7d35a5fd6d9828e675f467144947

Additional Information

Reproduction:

1. Run server.js in a background terminal
2. Run node client.js and observe Working! being output.
3. Run ELECTRON_RUN_AS_NODE=1 electron.exe client.js and observe the error.

It's possible I'm missing something obvious here. I've reproduced this on Linux and Windows.

[code-asher]

Originally we generated the certificate on Windows using New-SelfSignedCertificate in Powershell but here is an openssl command that reproduces the same bug:

openssl req -x509 -nodes -newkey rsa:2048 \
        -keyout localhost.key -out localhost.crt \
        -addext "keyUsage = digitalSignature, keyEncipherment" \
        -addext "subjectAltName=DNS:localhost" \
        -subj "/CN=localhost"

The certificate works for curl, Chrome, Node, Go programs, etc, but not Electron (I am testing by using the certificate in Caddy).

The problem seems to be keyUsage. Adding keyCertSign to keyUsage or omitting keyUsage altogether resolves the error.

It seems like a bug in BoringSSL because I see code in openssl to ignore keyUsage when using a self-issued certificate which I think I am not seeing in BoringSSL but that leaves me confused about how it works in Chrome (I am using 114.0.5735.199). I am not very familiar with any of these repositories so maybe I have missed the obvious.

[sreya]

@BlackHole1 sorry for the ping but I noticed you commented on a similar issue and I'm also running into the bug above. Do you have an idea of where the problem could be?

[code-asher]

After some more testing I believe the reason it does not affect Chrome is because it accepts partial chains and that circumvents the UNABLE_TO_VERIFY_LEAF_SIGNATURE error. Node on the other hand does not accept partial chains.

https://github.com/google/boringssl/blob/9fc1c33e9c21439ce5f87855a6591a9324e569fd/crypto/x509/x509_vfy.c#L1702-L1719

[jochenschmich-aeberle]

I can confirm the findings mentioned in #38527 (comment). Removing the keyUsage would solve the issue.

@code-asher Thanks for investigating!

Is there any hope, that this bug will be solved?

[code-asher]

Thanks for the confirmation! I was looking into putting together a patch for BoringSSL but I have not yet had the time. I think the change itself would be fairly straightforward, but if I recall correctly I got a bit tied up trying to build Electron with changes to BoringSSL.

[electron-issue-triage]

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the latest version of Electron or in the beta—please include it with your comment!

[code-asher]

Still reproduces in 28.1.1.

[electron-issue-triage]

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the latest version of Electron or in the beta—please include it with your comment!

[code-asher]

Still reproduces in 29.2.0.

[BlackHole1]

I saw the PR related to this issue. Can you try again after this PR is merged?
#41689

[code-asher]

Thanks for the comment! I think #41689 is unrelated; in the test reproduction we are already passing in the CA so NODE_EXTRA_CA_CERTS may not give us anything extra (but entirely possible I missed something; please let me know).

This issue seems to be related to rejecting a self-signed certificate that has a keyUsage which excludes keyCertSign (which does make logical sense but is a deviation from Node and all the other software we tested).

I am happy to try again after #41689 merges just in case though.

[BlackHole1]

Thanks for the confirmation! I was looking into putting together a patch for BoringSSL but I have not yet had the time. I think the change itself would be fairly straightforward, but if I recall correctly I got a bit tied up trying to build Electron with changes to BoringSSL.

You can try building Electron from the source code using https://github.com/electron/build-tools.
If you want to submit a BoringSSL patch to Electron, you may need to have sufficient reasons, otherwise Electron is unlikely to accept it. See: #31042 (comment)

[code-asher]

If I recall correctly, I got some error when running gclient sync, but I will try to find time to give it another go. 🤞

After confirming the patch has the intended effect on Electron I was actually thinking I would try submitting the patch straight to BoringSSL itself, if they are amenable. I feel it does not really have enough impact to warrant Electron maintaining a patch for it.

So with that in mind, it might not make sense to keep this issue opened here.