On 2018-02-08, Kevin Chadwick <m8il1i...@gmail.com> wrote: > https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_set1_host.html > > They say they NEED this because they can delete a whole load of code > that could have security bugs. > > Perhaps I am wrong but upon a quick glance, doesn't this just boil > down to some simple ORing?
They want to use libcrypto's cert name checking. That's fine, libressl has it too. There are 2 ways to use it, one is by explicitly calling X509_check_host, the other is to set a parameter with X509_VERIFY_PARAM_set1_host and have it verified implicitly, in the manual you cite openssl are advising people to use that instead because when sometime in the future they add DANE support, that will automatically suppress the check. libressl has the first fully (and that's enough to do what they want, apart from the "won't do something that might be needed in the future" bit). The weird thing is that libressl *DOES* have the second function in the library too, it's just not included in the public headers. I still don't understand why.. > How does this sit with > https://www.openbsd.org/papers/eurobsdcon2014-libressl.html > > The ressl API does provide one noteworthy feature. Hostname > verification. In order to make a secure TLS connection, you must do two > things. Validate the certificate and its trust chain. Then verify that > the hostname in the cert matches the hostname you've connected to. Lots > of people don't do the latter because OpenSSL doesn't do that latter. That's about the sane/simple interface that is now called libtls.
