[openssl-dev] Is X509_V_FLAG_TRUSTED_FIRST safe to backport to 1.0.1

Fedor Indutny fedor at indutny.com
Thu Jan 15 17:06:05 UTC 2015 

Matt,

Thank you for reply.

May I ask you when do you think your patch may land in 1.0.2 or whatever?

If this is something of your long term goals and not going to land anywhere
soon. Could you please tell me about issues in my patch (either privately
or in publiс)?

Thank you again,
Fedor.

On Thursday, January 15, 2015, Matt Caswell <matt at openssl.org> wrote:

>
>
> On 15/01/15 14:21, Matt Caswell wrote:
> >
> >
> > On 15/01/15 14:13, Fedor Indutny wrote:
> >> Hello!
> >>
> >> During the course of deprecation of stale 1024bit CA certs,
> >> node.js and io.js project teams have identified the problem with
> >> how OpenSSL client handles the server's certificate chain. It is
> >> quite evident that it ignores certificate store and loads issuer
> >> from the chain that was received. This leads to the problems with
> >> AWS and probably other service providers who sent the stale
> >> **alternative** certificate chain with same serial numbers, but
> >> 1024bit CA certificates.
> >>
> >> I have already tried proposing a solution to the OpenSSL team:
> >>
> >> https://www.mail-archive.com/openssl-dev@openssl.org/msg37721.html
> >>
> >> But one of the node.js contributors we have found this commit (from
> 2010):
> >>
> >>
> https://github.com/openssl/openssl/commit/db28aa86e00b9121bee94d1e65506bf22d5ca6e3
> >>
> >> The main question that I have is:
> >>
> >> Is it safe to float this patch on top of 1.0.1k and use it? From
> >> my knowledge of code it appears to be pretty harmless, however
> >> the fact that it wasn't backported in 5 years makes me wonder if
> >> it was considered safe after all.
> >
> > There are some concerns about the performance of trusted_first.
> > Successful certificate look ups are cached, whilst failed ones are not.
> > Therefore using trusted_first *could* have an adverse impact.
> >
> > This issue is currently under discussion within the dev team. I have an
> > alternative patch that addresses the same issue in a different way.
> > Essentially it works in a similar way to that which you proposed in
> > RT3637. However I have some issues with that patch, so I've done it
> > slightly differently.
> >
> > RT3621 is also relevant here.
>
> I should add that in any case this functionality would never be
> backported to 1.0.1 (only considered for future versions). 1.0.1 is a
> stable release and only sees bug fixes. This would be considered a
> feature and a significant change to the way certificates are verified.
>
> Matt
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150115/3a044bef/attachment.html>

More information about the openssl-dev mailing list