----- Original Message ----- > From: "John Denker via RT" <[email protected]> > Cc: [email protected] > Sent: Sunday, August 24, 2014 11:45:33 AM > Subject: [openssl.org #3502] nameConstraints bypass bug > > At present, it is pathetically easy to trick openssl into > bypassing nameConstraints. All you need to do is put > some evil DNS name in the common name and not provide > any subjectAltName list. > > I checked; this bug is present in openssl-1.0.1i; > openssl s_client happily connects to bypass.jdenker.com > in defiance of my CA's nameConstraints. This affects > widely-used apps including curl, lynx, and wget, although > I only checked them as of 1.0.1f. > > If you want a live demonstration, try the following: > wget http://www.av8n.com/av8n.com_Root_CA.pem > echo bde600da763f4105ceb64913d0ed5838 av8n.com_Root_CA.pem | md5sum -c - > SSL_CERT_FILE=av8n.com_Root_CA.pem curl > https://bypass.jdenker.com:444/hello.txt > Observed behavior: Command succeeds, prints "Hello, world!" > Desired behavior: Should fail, due to violation of nameConstraints. > Similarly, the following succeeds, but should not: > :| openssl s_client -CAfile av8n-root-ca-cert.pem -connect > bypass.jdenker.com:444
I don't think s_client does any host name checking by default, even in master branch. Have you tried using `-verify_hostname bypass.jdenker.com`, optionally with `-verify_name ssl_server`? -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: [email protected] Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
