On 10/07/2015 23:03, Jeffrey Walton wrote:
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

Why was this introduced in a patch release?  I thought
improved chain building was a new feature, and thus
delineated by a library version number such as 1.0.2 or
1.0.3 .
I *think* "improved" chain building should have been present in the library
earlier. The methods always existed. See, for example, 4158,
https://www.ietf.org/rfc/rfc4158.txt.

Here's a real world failure due to previous, "naive" path building:
https://groups.google.com/d/msg/mailing.openssl.users/72_VQJmCmCU/hUMtemRNvRoJ.
The CA re-issued a root by changing the hash and serial number, but
recertifying the same public key and DN. Then, the server sent the old
root too as an intermediate. So there were two roots available, each
with the same DN.

In fact, I thought that was the reason we all
had to wait ages before this long standing shortcoming
was fixed.
It almost sounds like you are complaining you did not have to wait ages :)
It's the inconsistency of first insisting this cannot go
into a patch and then pushing out a broken implementation
inside a patch which was only supposed to fix security
and build issues.

This is the kind of event which has caused many dists
to cherry pick individual changes rather than just
following the official releases.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
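
The two behaviours discussed in this thread (a re-issued root sharing DN and key with the old one, and the CA flag check that must hold on every alternative chain) can be modelled as follows. This is an added example, not part of the original message and not OpenSSL's code; the `Cert` fields, function names and sample certificates are constructed for illustration, and signature verification is reduced to comparing key identifiers.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:               # toy certificate; every field is a constructed stand-in
    subject: str
    issuer: str
    key: str              # identifier of the subject's public key
    signed_by: str        # identifier of the key that signed this certificate
    serial: int
    is_ca: bool = False   # basicConstraints CA flag

def issuers(cert, pool):
    # Match on DN and signing key, so two certificates with the same DN both qualify.
    return [c for c in pool if c.subject == cert.issuer and c.key == cert.signed_by]

def naive_chain(leaf, untrusted, trusted):
    # "Naive" building: the first issuer match wins and there is no second attempt.
    chain = [leaf]
    while chain[-1].subject != chain[-1].issuer and len(chain) < 8:
        found = issuers(chain[-1], untrusted + trusted)
        if not found or not found[0].is_ca:
            return None
        chain.append(found[0])
    return chain if chain[-1] in trusted else None

def build_chain(leaf, untrusted, trusted, max_depth=8):
    # Tries every issuer candidate (trust store first) and backtracks on dead ends.
    def extend(chain):
        tip = chain[-1]
        if tip in trusted:
            return chain
        if len(chain) > max_depth:
            return None
        for cand in issuers(tip, trusted) + issuers(tip, untrusted):
            # The CA flag is checked on every candidate, in every attempt.
            if cand in chain or not cand.is_ca:
                continue
            result = extend(chain + [cand])
            if result:
                return result
        return None
    return extend([leaf])

# Constructed sample data modelled on the re-issued root described in the thread.
NEW_ROOT = Cert("Root", "Root", "root-key", "root-key", 2, True)
OLD_ROOT = Cert("Root", "Root", "root-key", "root-key", 1, True)   # sent by the server
SERVER = Cert("server", "Root", "server-key", "root-key", 10)       # ordinary leaf
FORGED = Cert("other", "server", "other-key", "server-key", 11)     # "issued" by a leaf
```

With `OLD_ROOT` in the untrusted list and only `NEW_ROOT` trusted, `naive_chain` rejects `SERVER` while `build_chain` accepts it; both reject `FORGED` because `SERVER` lacks the CA flag.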
