Re: OCSP nonce was: RE: cvs commit: openssl/ssl s3_lib.c ssl.hssl_algs.cssl_ciph.cssl_locl.h tls1.h

Thu, 08 Feb 2001 10:49:09 -0800 

Rich Salz wrote:
> 
> I haven't looked at the openssl OCSP code recently...  well, okay I just
> took a look.  The comment for OCSP_check_nonce says it is wrong for a
> server to send a nonce if a client doesn't send one.  That's wrong: a
> server is always free to send a nonce, that's the only way it can
> guarantee its responses won't be re-used.
> 

Is it? I must admit that I regard RFC2560 as ambiguous in this and many
other regards and I have to imply some "interpretation" on what should
be done.

> If the client sends a nonce, the server should include the nonce in its
> reply. Some servers won't, either because they're broken or because they
> choose not to and the RFC allows it.
> 
> Since it appears that nothing within OpenSSL is call add1_nonce or
> check_nonce, but they are instead leaving it up to the client, then
> *OpenSSL is doing the right thing.*
> 

Yes thats one reason why that, and other things will be up to the
client.

Certificate verify is one example where things are particularly painful.
The wording includes something equivalent to "you can accept and reject
certificates for arbitrary additional reasons" or "you can do what the
hell you like".

Of the responders I've checked so far several use certificates that are
indistinguishable (in terms of extensions) from an end user certificate.
This generally means that they have to be added and trusted explicitly
and redone when they expire. However by applying an appropriate
interpretation on RFC2560 there's nothing actually wrong with that...

Thats one reason for the plethora of flags in OCSP_basic_verify() I'm
pretty sure that as more OCSP responders appear more "interpretations"
will have to be handled.

> Well, except the core dump of course. :)
> 

Fix will appear real soon now...

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to