[openssl-dev] Is X509_V_FLAG_TRUSTED_FIRST safe to backport to 1.0.1
Matt Caswell
matt at openssl.org
Thu Jan 15 14:22:51 UTC 2015
On 15/01/15 14:21, Matt Caswell wrote:
>
>
> On 15/01/15 14:13, Fedor Indutny wrote:
>> Hello!
>>
>> During the course of deprecation of stale 1024bit CA certs,
>> node.js and io.js project teams have identified the problem with
>> how OpenSSL client handles the server's certificate chain. It is
>> quite evident that it ignores certificate store and loads issuer
>> from the chain that was received. This leads to the problems with
>> AWS and probably other service providers who sent the stale
>> **alternative** certificate chain with same serial numbers, but
>> 1024bit CA certificates.
>>
>> I have already tried proposing a solution to the OpenSSL team:
>>
>> https://www.mail-archive.com/openssl-dev@openssl.org/msg37721.html
>>
>> But one of the node.js contributors we have found this commit (from 2010):
>>
>> https://github.com/openssl/openssl/commit/db28aa86e00b9121bee94d1e65506bf22d5ca6e3
>>
>> The main question that I have is:
>>
>> Is it safe to float this patch on top of 1.0.1k and use it? From
>> my knowledge of code it appears to be pretty harmless, however
>> the fact that it wasn't backported in 5 years makes me wonder if
>> it was considered safe after all.
>
> There are some concerns about the performance of trusted_first.
> Successful certificate look ups are cached, whilst failed ones are not.
> Therefore using trusted_first *could* have an adverse impact.
>
> This issue is currently under discussion within the dev team. I have an
> alternative patch that addresses the same issue in a different way.
> Essentially it works in a similar way to that which you proposed in
> RT3637. However I have some issues with that patch, so I've done it
> slightly differently.
>
> RT3621 is also relevant here.
I should add that in any case this functionality would never be
backported to 1.0.1 (only considered for future versions). 1.0.1 is a
stable release and only sees bug fixes. This would be considered a
feature and a significant change to the way certificates are verified.
Matt
More information about the openssl-dev
mailing list