[openssl-dev] [openssl.org #3562] leading dots in nameConstraints ... bug report and patch

Kurt Roeckx via RT rt at openssl.org
Thu Jan 1 22:08:22 UTC 2015


On Thu, Jan 01, 2015 at 02:06:56PM -0500, Salz, Rich wrote:
> > This is a "security issue" in the sense that it is a Type-II error (disallowing good
> > guys).  It affects thousands of sites and who-knows-how-many users.
> 
> Well, kinda.  It disallows good guys who made a mistake and are violating the RFC.  Sure, they're not written in stone and that particular RFC has its share of issues, but calling this a security issue doesn't seem right.  Allowing greater interop, with minimal security exposure, seems a better way to put it.  A more compliant fix is to re-issue the CA and its subordinates, while working the RFC issues through the IETF.  But OpenSSL is very pragmatic.

You could either see this as violating the RFC or that it's
undefined in the RFC.

For email and others the RFC says it's about a hostname without
the '.' and so doesn't allow an extra label on the left side.
If it has the '.' it's about a domain, and it doesn't match as
hostname and so requires 1 or more labels on the left side.

For DNS it's both the hostname and domain.  It allows 0 or more
extra labels.

In the intermediate CA you see them use:
	DNS:auth.gr
	email:auth.gr
	email:.auth.gr

The email is there twice to have both the 0 and 1+, while for DNS
this isn't needed since it's 0+.

The patch would change the behaviour that you can have both 0+
(without '.') and 1+ (with '.').  (I think the original patch
changed both of them to 0+.)  This would then make it possible for
them to say that their root CA can't issue a certificate covering
whole .gr but that it needs to have at least 1 extra label.  I can
only really see this as being useful for a TLD.  But then I would
also think that they don't trust themselves.

It's my understanding that the only certificate that has a problem
is the root CA itself, since that has "DNS:.gr" in it.  So in
theory the only thing they should do is replace the root CA and
have it sign the intermediates again.


Kurt
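The matching rules the message describes, modelled in a small script. This is an added example, not OpenSSL's code and not the patch under discussion: it follows the reading of RFC 5280 given above (dNSName without a leading '.' allows 0 or more extra labels; rfc822Name without a dot is exactly that host and with a dot is 1 or more extra labels) and adds a switch for the patched dNSName behaviour the message describes, where a leading '.' means 1 or more extra labels. Treating a leading '.' on a dNSName as matching nothing in the unpatched case is an assumption of this model, not a statement about any OpenSSL version. The constraint lists are constructed from the names quoted in the message (`DNS:auth.gr`, `email:auth.gr`, `email:.auth.gr` for the intermediate, `DNS:.gr` for the root).

```python
"""Added example, not OpenSSL's code: a model of the nameConstraints matching
rules as the message reads them from RFC 5280.

 - dNSName constraint without a leading '.': the host itself and any
   subdomain (0 or more extra labels on the left).
 - rfc822Name constraint without a leading '.': mailboxes at exactly that
   host (0 extra labels); with a leading '.': mailboxes at any subdomain
   (1 or more extra labels), never the host itself.
 - dNSName constraint with a leading '.': the disputed case.  The patched
   behaviour described in the message makes it mean "1 or more extra
   labels"; the unpatched case is modelled here (an assumption of this
   example) as matching nothing, since the RFC does not define it.
"""


def _labels(name):
    """Lower-case a domain and split it into labels, dropping the empty
    label that a leading '.' produces."""
    return [label for label in name.lower().split(".") if label]


def _ends_with(labels, suffix, min_extra):
    """True when `labels` ends with the label list `suffix` and carries at
    least `min_extra` additional labels in front of it.  Comparing label
    lists rather than raw string suffixes keeps 'notauth.gr' from matching
    a constraint of 'auth.gr'."""
    extra = len(labels) - len(suffix)
    return extra >= min_extra and labels[extra:] == suffix


def dns_name_matches(name, constraint, leading_dot_means_one_plus=False):
    """Match a dNSName against one dNSName subtree."""
    if constraint.startswith("."):
        if not leading_dot_means_one_plus:
            return False  # assumption: undefined by the RFC, so no match
        return _ends_with(_labels(name), _labels(constraint), 1)
    return _ends_with(_labels(name), _labels(constraint), 0)


def email_matches(address, constraint):
    """Match an rfc822Name against one rfc822Name subtree."""
    if "@" not in address:
        return False
    local, host = address.rsplit("@", 1)
    domain = _labels(host)
    if "@" in constraint:  # a single mailbox: local part is case-sensitive
        c_local, c_host = constraint.rsplit("@", 1)
        return local == c_local and domain == _labels(c_host)
    if constraint.startswith("."):  # any subdomain, but not the host itself
        return _ends_with(domain, _labels(constraint), 1)
    return domain == _labels(constraint)  # exactly this host


def permitted(kind, value, subtrees, patched=False):
    """permittedSubtrees check for one CA: a name must match at least one
    subtree of its own kind; a kind with no subtrees is unconstrained."""
    same_kind = [c for k, c in subtrees if k == kind]
    if not same_kind:
        return True
    if kind == "DNS":
        return any(dns_name_matches(value, c, patched) for c in same_kind)
    if kind == "email":
        return any(email_matches(value, c) for c in same_kind)
    raise ValueError("unsupported name type: %r" % kind)


def chain_permits(kind, value, chain, patched=False):
    """A leaf name is acceptable only if every CA in the chain permits it."""
    return all(permitted(kind, value, subtrees, patched) for subtrees in chain)


# Constraint lists constructed from the names quoted in the message.
INTERMEDIATE = [("DNS", "auth.gr"), ("email", "auth.gr"), ("email", ".auth.gr")]
ROOT = [("DNS", ".gr")]  # the one certificate the message says is a problem


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched", "reading:")
        for kind, value in (("DNS", "www.auth.gr"), ("DNS", "notauth.gr"),
                            ("email", "user@auth.gr"),
                            ("email", "user@mail.auth.gr")):
            print("  %-6s %-20s intermediate=%-5s chain=%s" % (
                kind, value, permitted(kind, value, INTERMEDIATE, patched),
                chain_permits(kind, value, [ROOT, INTERMEDIATE], patched)))
```

Running the script shows the point of the message: the intermediate's constraints are fine on their own, and email names pass the whole chain under either reading because the root carries no rfc822Name subtrees; only DNS names fail at the root, and only when its leading-dot constraint is not given the 1+ meaning.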