Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL
Sorry for the confusion.
We initially uploaded the wrong version of the paper and that's
something I noticed yesterday.
The code was out of sync with the repo on Github. I also changed a few
other things while I was at it.
Thanks for all the feedback.
2012/10/30 Jeffrey Walton noloa...@gmail.com:
On Mon, Oct 29, 2012 at 4:02 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
Where's the failure here?
hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, and in
case of a NULL hostname or certificate it is returned by the function,
unmodified.
My bad - you were right. I fetched the document again and some parts
were rewritten. The re-written document did not include the function
with HOSTNAME_VALIDATION_ERR. I'm not sure how I missed
hostname_matched was a return variable (I think I zero'd in on the
name, which implied a match).
Jeff
Le 27/10/2012 21:00, Jeffrey Walton a écrit :
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
It is not trivial and so I thought this reference material could be
useful to people on this mailing list.
] int validate_hostname(char *hostname, X509 *server_cert) {
] int hostname_matched = HOSTNAME_VALIDATION_ERR;
] if((hostname == NULL) || (server_cert == NULL))
] goto error;
] ...
] error:
] return hostname_matched;
] }
You failed open rather than closed. Its not a good choice of
strategies for high integrity software.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
On 10/29/2012 7:05 PM, Jeffrey Walton wrote: On Mon, Oct 29, 2012 at 11:04 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 10/27/2012 10:58 PM, Jeffrey Walton wrote: On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. ] Supporting wildcard certificates requires manually parsing ] the name to find the wildcard character, ensuring that it is ] in a valid location within the domain, and then trying to ] match the pattern with the server's expected hostname. Don''t do it because it violates the Principal of Least Privilege. Why should users be asked to trust the receptionist's machine in the lobby or a developer's machine with nearly anything installed? If you are in a multi-domain environment (such as Apache with virtual hosts), use multiple certificates or Server Name Indication (SNI). You obviously don't understand the proper uses and necessity of wildcard certificates: Actually, I do. Its not a risk I am willing to accept. As a security architect, I am more than happy to kick software that follows the practice. If you truly understand the part of my post that you removed (especially item 3), then your beliefs about its insecurity and your insistence on blocking it on behalf of others not so deluded are pure security theater. I will repeat my item 3 here for reference: 3. Being covered by a wildcard certificates name match does not give a computer access to the private key needed to actually use that certificate. The security model is that the wildcard cert identifies the organization, and the organization only installs the private key on trusted servers Put another way, a wildcard certificate identifies a person or organization, not a particular computer. The person/org decides which computers are trusted to represent them at the relevant level of assurance. It is the closest available approximation of giving the person/org a path-constrained intermediary CA, with the path constraint enforced for the DNS path, not the X.400 path. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
On Tue, Oct 30, 2012 at 10:03 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 10/29/2012 7:05 PM, Jeffrey Walton wrote: On Mon, Oct 29, 2012 at 11:04 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 10/27/2012 10:58 PM, Jeffrey Walton wrote: On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. ] Supporting wildcard certificates requires manually parsing ] the name to find the wildcard character, ensuring that it is ] in a valid location within the domain, and then trying to ] match the pattern with the server's expected hostname. Don''t do it because it violates the Principal of Least Privilege. Why should users be asked to trust the receptionist's machine in the lobby or a developer's machine with nearly anything installed? If you are in a multi-domain environment (such as Apache with virtual hosts), use multiple certificates or Server Name Indication (SNI). You obviously don't understand the proper uses and necessity of wildcard certificates: Actually, I do. Its not a risk I am willing to accept. As a security architect, I am more than happy to kick software that follows the practice. If you truly understand the part of my post that you removed (especially item 3), then your beliefs about its insecurity and your insistence on blocking it on behalf of others not so deluded are pure security theater. I will repeat my item 3 here for reference: 3. Being covered by a wildcard certificates name match does not give a computer access to the private key needed to actually use that certificate. The security model is that the wildcard cert identifies the organization, and the organization only installs the private key on trusted servers Put another way, a wildcard certificate identifies a person or organization, not a particular computer. The person/org decides which computers are trusted to represent them at the relevant level of assurance. It is the closest available approximation of giving the person/org a path-constrained intermediary CA, with the path constraint enforced for the DNS path, not the X.400 path. I've been in a shop where the development team set up a game server on a development box.The box was then put on the internet. The private key was not in an HSM, it was ripped the filesystem of an Apaches server. Its not just small shops that abuse things. Diginotar's private key was compromised too. So big shops which get audited also fail. I really don't care how the bad guy gets the private key. I expect it to happen. Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
Thanks, Also it can be usefull to go back to the book 'Network Security with OpenSSL', pages 128 to 138. Michel. Le 27/10/2012 17:00, Alban D. a écrit : Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. Thanks, Alban D. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
On 10/27/2012 10:58 PM, Jeffrey Walton wrote: On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. ] Supporting wildcard certificates requires manually parsing ] the name to find the wildcard character, ensuring that it is ] in a valid location within the domain, and then trying to ] match the pattern with the server's expected hostname. Don''t do it because it violates the Principal of Least Privilege. Why should users be asked to trust the receptionist's machine in the lobby or a developer's machine with nearly anything installed? If you are in a multi-domain environment (such as Apache with virtual hosts), use multiple certificates or Server Name Indication (SNI). You obviously don't understand the proper uses and necessity of wildcard certificates: 1. Many existing clients support no form of SNI (there are two forms for HTTP) or use protocols that will have difficulty supporting it. 2. The business model of commercial CAs make it economically infeasible for sites to acquire separate certificates for each low visibility service, such as enabling STARTTLS on SMTP to a backup MX. But acquiring a wildcard cert shared by all such services is affordable and does not require a purchase bureaucracy every time an additional server is brought online. 3. Being covered by a wildcard certificates name match does not give a computer access to the private key needed to actually use that certificate. The security model is that the wildcard cert identifies the organization, and the organization only installs the private key on trusted servers. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
On Mon, Oct 29, 2012 at 11:04 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 10/27/2012 10:58 PM, Jeffrey Walton wrote: On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. ] Supporting wildcard certificates requires manually parsing ] the name to find the wildcard character, ensuring that it is ] in a valid location within the domain, and then trying to ] match the pattern with the server's expected hostname. Don''t do it because it violates the Principal of Least Privilege. Why should users be asked to trust the receptionist's machine in the lobby or a developer's machine with nearly anything installed? If you are in a multi-domain environment (such as Apache with virtual hosts), use multiple certificates or Server Name Indication (SNI). You obviously don't understand the proper uses and necessity of wildcard certificates: Actually, I do. Its not a risk I am willing to accept. As a security architect, I am more than happy to kick software that follows the practice. Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL
Where's the failure here?
hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization,
and in case of a NULL hostname or certificate it is returned by the
function, unmodified.
--
Erwann ABALEA
Le 27/10/2012 21:00, Jeffrey Walton a écrit :
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
It is not trivial and so I thought this reference material could be
useful to people on this mailing list.
] int validate_hostname(char *hostname, X509 *server_cert) {
] int hostname_matched = HOSTNAME_VALIDATION_ERR;
] if((hostname == NULL) || (server_cert == NULL))
] goto error;
] ...
] error:
] return hostname_matched;
] }
You failed open rather than closed. Its not a good choice of
strategies for high integrity software.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL
On Mon, Oct 29, 2012 at 4:02 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
Where's the failure here?
hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, and in
case of a NULL hostname or certificate it is returned by the function,
unmodified.
HOSTNAME_VALIDATION_ERR is not mentioned in
https://github.com/iSECPartners/ssl-conservatory/raw/master/everything-you-wanted-to-know-about-openssl.pdf.
Jeff
Le 27/10/2012 21:00, Jeffrey Walton a écrit :
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
It is not trivial and so I thought this reference material could be
useful to people on this mailing list.
] int validate_hostname(char *hostname, X509 *server_cert) {
] int hostname_matched = HOSTNAME_VALIDATION_ERR;
] if((hostname == NULL) || (server_cert == NULL))
] goto error;
] ...
] error:
] return hostname_matched;
] }
You failed open rather than closed. Its not a good choice of
strategies for high integrity software.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL
On Mon, Oct 29, 2012 at 4:02 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
Where's the failure here?
hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, and in
case of a NULL hostname or certificate it is returned by the function,
unmodified.
My bad - you were right. I fetched the document again and some parts
were rewritten. The re-written document did not include the function
with HOSTNAME_VALIDATION_ERR. I'm not sure how I missed
hostname_matched was a return variable (I think I zero'd in on the
name, which implied a match).
Jeff
Le 27/10/2012 21:00, Jeffrey Walton a écrit :
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
It is not trivial and so I thought this reference material could be
useful to people on this mailing list.
] int validate_hostname(char *hostname, X509 *server_cert) {
] int hostname_matched = HOSTNAME_VALIDATION_ERR;
] if((hostname == NULL) || (server_cert == NULL))
] goto error;
] ...
] error:
] return hostname_matched;
] }
You failed open rather than closed. Its not a good choice of
strategies for high integrity software.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. ] Most applications only have to connect to one or a few application ] servers. Therefore, the trust store should only contain the CA ] certificates needed to connect to those servers. Restricting the list ] of trusted CA certificate in such way is a security practice called ] certificate pinning. I don't believe this is correct. One does not pin a CA's certificate when using SSL/TLS (and VPN) with a Public CA Hierarchy. Suppose you are pinning a CA that gets compromised. The bad guy can the (1) generate spurious certificate for a legitimate site, and (2) sign with the compromised CA. Your program would accept the site's certificates as valid. Or suppose a CA decides to issue a Subordinate CA to allow SSL/TLS traffic interception. Again, your program would chose to accept. We've already seen these things happen with Diginotar (http://en.wikipedia.org/wiki/DigiNotar) and Trustwave (http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html and https://bugzilla.mozilla.org/show_bug.cgi?id=724929).). When discussing pinning with a public ca hierarchy, one pins either (1) the host's public key, or (2) the host's X509 certificate. Pinning a host's public key is nearly the same as StrictHostKeyChecking in SSH. Note: Google rotates its certificates regularly, but does not rotate its public keys. So you would definetly wnt to pin public keys (rather than certificates) for encrypted.google.com, gmail.com, etc. Pinning the public key (or certificate) leverages the pre-exsiting relationship to identify the host in question (this is all about identity). Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. ] Applications that need to be able to connect to any server on ] the Internet (such as browsers) could instead rely on Mozilla's ] list of root certificates used in Firefox. Mozilla cannot be trusted. When Trustwave issued a Subordinate CA to perform traffic interception on sites not under the operator's control, Mozilla rewarded their bad behavior by continuing their inclusion in the Root CA list. (http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html and https://bugzilla.mozilla.org/show_bug.cgi?id=724929). __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
It is not trivial and so I thought this reference material could be
useful to people on this mailing list.
] int validate_hostname(char *hostname, X509 *server_cert) {
] int hostname_matched = HOSTNAME_VALIDATION_ERR;
] if((hostname == NULL) || (server_cert == NULL))
] goto error;
] ...
] error:
] return hostname_matched;
] }
You failed open rather than closed. Its not a good choice of
strategies for high integrity software.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
The way how common names are verified in The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software is not correct. It gives a false match when there is more than one common name ava __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Reference material on how to do certificate validation with OpenSSL
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. ] Supporting wildcard certificates requires manually parsing ] the name to find the wildcard character, ensuring that it is ] in a valid location within the domain, and then trying to ] match the pattern with the server's expected hostname. Don''t do it because it violates the Principal of Least Privilege. Why should users be asked to trust the receptionist's machine in the lobby or a developer's machine with nearly anything installed? If you are in a multi-domain environment (such as Apache with virtual hosts), use multiple certificates or Server Name Indication (SNI). Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
