Thank you, Kurt. The information I was getting (from some sources) was that the vulnerability was only present in configurations where the server was authenticating a client certificate. The fact is, the vulnerability applies to certificate validation regardless of if it's on the client or server side. I'm going to assume what those sources were probably augmenting their assessment with their own risk analysis and decided that the only place the risk exists (not vulnerability) is in clients presenting forged certificates in situations where client auth is implemented. That would make sense (like you said) if we're talking about https, because basically no browsers are implemented using OpenSSL, so presenting a forged server cert to a client is basically a scenario that will not happen. But it could happen for other apps that use OpenSSL in their comm stack, even if they are only using server authentication. Thanks again, Colin Edwards CISSP, GCIH, GCWN, GSEC, MCSE -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Kurt Roeckx Sent: Tuesday, July 14, 2015 1:06 PM To: openssl-users at openssl.org Subject: Re: CVE-2015-1793 only on cert-based client auth? On Mon, Jul 13, 2015 at 01:03:09PM -0400, Colin Edwards wrote: > I've been reading/hearing different opinions on the recent > vulnerability for cert chain forging that was patched (CVE-2015-1793). > > Some people are saying the vulnerability only exists if a system is > using certificate-based client authentication (mutual auth, where both > server and client are authenticated). `Basically, that the chain > forging can only be done on the client side. > > Others are saying certs can be forged on the server, on > implementations that use only server-side authentication, and if the > client is using OpenSSL it will verify/accept the forged chain. The > could effectively result in MitM against OpenSSL clients. It's whenever a certificate is received (and validated). This means either: - A client is authenticating a server (server authentication) - A server is authenticating a client (client authentication) Of course both could be happening for the same connection. It's much more common that the client authenticates the server. Certainly for https client authentication is uncommon. Also, for https the client ussually isn't OpenSSL based, except for android. Kurt _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
