[openssl-announce] OpenSSL Security Advisory

> During certificate verification, OpenSSL (starting from version 1.0.1n and
> 1.0.2b) will attempt to find an alternative certificate chain if the first
> attempt to build such a chain fails. An error in the implementation of this
> logic can mean that an attacker could cause certain checks on untrusted
> certificates to be bypassed, such as the CA flag, enabling them to use a valid
> leaf certificate to act as a CA and "issue" an invalid certificate.
>
> Why was this introduced in a patch release?  I thought
> improved chain building was a new feature, and thus
> delineated by a library version number such as 1.0.2 or
> 1.0.3 .

I *think* "improved" chain building should have been present in the library
earlier. The methods always existed. See, for example, RFC 4158,
https://www.ietf.org/rfc/rfc4158.txt.

Here's a real world failure due to previous, "naive" path building:
https://groups.google.com/d/msg/mailing.openssl.users/72_VQJmCmCU/hUMtemRNvRoJ.
The CA re-issued a root by changing the hash and serial number, but
recertifying the same public key and DN. Then, the server sent the old
root too as an intermediate. So there were two roots available, each
with the same DN.

> In fact, I thought that was the reason we all
> had to wait ages before this long standing shortcoming
> was fixed.

It almost sounds like you are complaining you did not have to wait ages :)

Jeff
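
The two-roots failure described in the message above, and the CA-flag check from the quoted advisory, as an added example that is not part of the original message and is not OpenSSL code. It is a toy model: string labels stand in for keys and signatures, all certificate names and helper functions are hypothetical, and it assumes the client trusts only the re-issued root.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:                      # toy model: labels stand in for keys and signatures
    subject: str
    issuer: str
    key: str                     # subject public key
    signed_by: str               # key that produced the signature
    serial: int
    is_ca: bool = False

def issuers(cert, pool):
    """Every cert in pool whose DN and key could have issued cert."""
    return [c for c in pool if c.subject == cert.issuer and c.key == cert.signed_by]

def naive_build(leaf, untrusted, trusted):
    """Take the first matching issuer, peer-sent certs first, never backtrack."""
    chain = [leaf]
    while chain[-1].subject != chain[-1].issuer:       # stop at a self-signed cert
        cands = issuers(chain[-1], untrusted + trusted)
        if not cands:
            return None
        chain.append(cands[0])
    return chain if chain[-1] in trusted else None

def build(leaf, untrusted, trusted, chain=None):
    """Depth-first search over all candidate issuers, trusted ones first."""
    chain = chain or [leaf]
    if chain[-1] in trusted:
        return chain
    for cand in issuers(chain[-1], trusted + untrusted):
        # The CA flag is checked on every candidate, alternative chains included.
        if cand in chain or not cand.is_ca:
            continue
        found = build(leaf, untrusted, trusted, chain + [cand])
        if found:
            return found
    return None

# Constructed sample data (assumption: the client trusts only the re-issued root).
OLD_ROOT = Cert("CN=Root", "CN=Root", "K_root", "K_root", 1, True)
NEW_ROOT = Cert("CN=Root", "CN=Root", "K_root", "K_root", 2, True)
INTER = Cert("CN=Int", "CN=Root", "K_int", "K_root", 10, True)
LEAF = Cert("CN=www.example", "CN=Int", "K_leaf", "K_int", 20)
BOGUS = Cert("CN=other.example", "CN=www.example", "K_x", "K_leaf", 30)  # "issued" by LEAF
SENT = [INTER, OLD_ROOT]         # what the server sends besides its leaf

if __name__ == "__main__":
    print(naive_build(LEAF, SENT, [NEW_ROOT]))         # stuck on OLD_ROOT
    print([c.subject for c in build(LEAF, SENT, [NEW_ROOT])])
    print(build(BOGUS, [LEAF] + SENT, [NEW_ROOT]))     # LEAF is not a CA
```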