On 15/01/15 14:13, Fedor Indutny wrote: > Hello! > > During the course of deprecation of stale 1024bit CA certs, > node.js and io.js project teams have identified the problem with > how OpenSSL client handles the server's certificate chain. It is > quite evident that it ignores certificate store and loads issuer > from the chain that was received. This leads to the problems with > AWS and probably other service providers who sent the stale > **alternative** certificate chain with same serial numbers, but > 1024bit CA certificates. > > I have already tried proposing a solution to the OpenSSL team: > > https://www.mail-archive.com/openssl-dev@openssl.org/msg37721.html > > But one of the node.js contributors we have found this commit (from 2010): > > https://github.com/openssl/openssl/commit/db28aa86e00b9121bee94d1e65506bf22d5ca6e3 > > The main question that I have is: > > Is it safe to float this patch on top of 1.0.1k and use it? From > my knowledge of code it appears to be pretty harmless, however > the fact that it wasn't backported in 5 years makes me wonder if > it was considered safe after all.
There are some concerns about the performance of trusted_first. Successful certificate look ups are cached, whilst failed ones are not. Therefore using trusted_first *could* have an adverse impact. This issue is currently under discussion within the dev team. I have an alternative patch that addresses the same issue in a different way. Essentially it works in a similar way to that which you proposed in RT3637. However I have some issues with that patch, so I've done it slightly differently. RT3621 is also relevant here. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
