On 20.05.17 at 14:57, Steffan Karger wrote:
> Commit 'Migrate to mbed TLS 2.x' (86d8cd68) introduced a bug in mbedtls
> builds where we would calculate the certificate fingerprint over the
> (too-short) 'to-be-signed' length of the certificate, rather than over the
> certificate including the signature. Fix that.
>
> The security impact of the incorrect calculation is very minimal; the last
> few bytes (max 4, typically 4) are not verified by the fingerprint. We
> expect no real-world impact, because users that used this feature before
> will notice that it has suddenly stopped working, and users that didn't
> will notice that connection setup fails.
>
> Even if the user managed to somehow extract the incorrect hash (e.g. by
> reading out the tls_digest_* env vars using a --tls-verify script), the
> impact is minimal: the last 4 bytes must still be properly signed by the
> CA, and typically contain extension fields, or the last bytes of the
> public key (which are hard to choose). The most important bits of the
> certificate were always checked: the version, serial, signature algorithm,
> issuer, validity and subject.
>
ACK, and I agree that we should not include backwards-compatible behaviour for the buggy hash.

Arne
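As an added illustration of the point made in the commit message (this is example code written for this page, not OpenVPN's code and not the patch under discussion), the following Python splits a DER-encoded X.509 Certificate into its three top-level fields and shows that a fingerprint computed over anything shorter than the complete DER encoding does not match the fingerprint over the whole certificate, which is what `openssl x509 -noout -fingerprint -sha256` prints and what a `--tls-verify` script would want to compare against. The sample certificate is a constructed DER skeleton with filler content; its BIT STRING is not a real signature, and the helper names (`split_certificate`, `fingerprint`, `uncovered_trailing_bytes`) are this example's own.

```python
"""Added example (not OpenVPN's code): split a DER X.509 Certificate into
tbsCertificate / signatureAlgorithm / signatureValue and compare a fingerprint
over the whole encoding with one taken over a shorter prefix."""
import hashlib
from typing import Optional


def der_len(n: int) -> bytes:
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    size = (n.bit_length() + 7) // 8
    return bytes([0x80 | size]) + n.to_bytes(size, "big")


def der_tlv(tag: int, payload: bytes) -> bytes:
    """One DER tag-length-value element."""
    return bytes([tag]) + der_len(len(payload)) + payload


def read_tlv(buf: bytes, off: int):
    """Parse the TLV at buf[off]; return (tag, payload_start, end)."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        size = first & 0x7F
        if size == 0 or size > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[off + 2:off + 2 + size], "big")
        hdr = 2 + size
    start = off + hdr
    end = start + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, end


def split_certificate(raw: bytes):
    """Return the three children of the outer Certificate SEQUENCE, each as a
    complete TLV: (tbsCertificate, signatureAlgorithm, signatureValue)."""
    tag, start, end = read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("input is not exactly one DER SEQUENCE")
    fields, off = [], start
    while off < end:
        _, _, e = read_tlv(raw, off)
        fields.append(raw[off:e])
        off = e
    if len(fields) != 3:
        raise ValueError("Certificate must have exactly three fields")
    return tuple(fields)


def fingerprint(raw: bytes, length: Optional[int] = None) -> str:
    """SHA-256 over the first `length` bytes of the DER (all bytes by default),
    in the colon-separated uppercase form printed by `openssl x509 -fingerprint`."""
    digest = hashlib.sha256(raw if length is None else raw[:length]).digest()
    return ":".join(f"{b:02X}" for b in digest)


def uncovered_trailing_bytes(raw: bytes, length: int) -> int:
    """How many bytes at the end of the certificate a prefix hash leaves out."""
    return len(raw) - length


# Constructed sample (not a real certificate): a DER Certificate skeleton with
# filler content. The BIT STRING below is NOT a real signature.
SIG_ALG = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2A864886F70D01010B")))  # sha256WithRSAEncryption
TBS = der_tlv(0x30,
              der_tlv(0xA0, der_tlv(0x02, b"\x02"))                  # version: v3
              + der_tlv(0x02, b"\x01\x00")                           # serialNumber
              + SIG_ALG                                              # signature algorithm
              + der_tlv(0x30, b"")                                   # issuer (empty filler)
              + der_tlv(0x30, der_tlv(0x17, b"170520000000Z") * 2)   # validity (notBefore, notAfter)
              + der_tlv(0x30, b"")                                   # subject (empty filler)
              + der_tlv(0x30, b"\x00" * 280))                        # subjectPublicKeyInfo filler
SIG_VALUE = der_tlv(0x03, b"\x00" + b"\xAB" * 256)                   # BIT STRING, 0 unused bits
SAMPLE_CERT = der_tlv(0x30, TBS + SIG_ALG + SIG_VALUE)

if __name__ == "__main__":
    tbs, alg, sig = split_certificate(SAMPLE_CERT)
    print("full DER  :", fingerprint(SAMPLE_CERT))
    print("tbs-length:", fingerprint(SAMPLE_CERT, len(tbs)))
    print("bytes not covered by the shorter hash:",
          uncovered_trailing_bytes(SAMPLE_CERT, len(tbs)))
```

The practical check this enables: a fingerprint pinned in a `--tls-verify` script must be taken over the full DER blob (outer SEQUENCE header through the last signature byte); if the value you are comparing against came from a build that hashed a shorter length, it will not match the value OpenSSL prints for the same certificate, and re-pinning from the correct full-length hash is the fix rather than carrying the shorter form forward.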