[openssl-dev] [openssl.org #3502] nameConstraints bypass bug

Viktor Dukhovni openssl-users at dukhovni.org
Mon May 30 19:25:52 UTC 2016


On Mon, May 30, 2016 at 06:56:17PM +0000, Rich Salz via RT wrote:

> If there is no altname and there is a CN, we cannot assume that the CN is a
> hostname. Yes, for WebPKI this is true, but WebPKI has deprecated
> cn-as-hostname for more than a decade and mandated SAN names.

OpenSSL master supports internal host name checks via SSL_add1_host(),
X509_VERIFY_PARAM_set1_host(), or (less recommended) X509_check_host().
Various flags modify the behaviour of the built-in name checks:

	SSL_set_hostflags(3)
	X509_VERIFY_PARAM_set_hostflags(3)

In particular, we support the X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
flag to make it possible to always consider the subject CN even
when DNS SANs are present.  That flag is off by default and should
not be used:

    https://tools.ietf.org/html/rfc6125#section-6.3

      Security Warning: A client MUST NOT seek a match for a reference
      identifier of CN-ID if the presented identifiers include a DNS-ID,
      SRV-ID, URI-ID, or any application-specific identifier types
      supported by the client.

Should there perhaps also be a new

    X509_CHECK_FLAG_NEVER_CHECK_SUBJECT

flag that would ask us to never match the subject CN against DNS
reference identifiers?  And what should the default behaviour be?
(Should the new flag be on by default, requiring an explicit call
to SSL_set_hostflags(3) or X509_VERIFY_PARAM_set_hostflags(3) to
override the flag?)

-- 
	Viktor.
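
The name-selection rule discussed in this message, as an added example that is not part of the original post and not OpenSSL's code: a small C model of when the subject CN is considered as a DNS reference identifier under the default behaviour, under an always-check-subject flag, and under the proposed never-check-subject flag. The struct, the function names, the MODEL_* flag values and the sample names are all hypothetical; the model assumes exact matching only and lets the never flag win if both flags are set.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Model-only flag values (assumption): not OpenSSL's X509_CHECK_FLAG_* constants. */
enum { MODEL_ALWAYS_CHECK_SUBJECT = 1, MODEL_NEVER_CHECK_SUBJECT = 2 };

/* Constructed stand-in for the identifiers a certificate presents. */
struct presented {
    const char *cn;          /* subject CN, or NULL if absent */
    const char *dns_sans[4]; /* DNS subjectAltNames, NULL-terminated */
};

/* Constructed sample certificates. */
static const struct presented san_and_cn = { "cn.example", { "san.example", NULL } };
static const struct presented cn_only    = { "cn.example", { NULL } };

static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Returns 1 when ref matches a presented identifier that the flags allow.
 * Exact matching only; wildcards are left out of this model. */
int model_check_host(const struct presented *c, const char *ref, unsigned flags)
{
    size_t i, n_dns = 0;

    for (i = 0; i < 4 && c->dns_sans[i] != NULL; i++) {
        n_dns++;
        if (eq_nocase(c->dns_sans[i], ref))
            return 1;
    }
    if (flags & MODEL_NEVER_CHECK_SUBJECT)
        return 0;               /* proposed flag: CN is never a DNS identifier */
    if (n_dns > 0 && !(flags & MODEL_ALWAYS_CHECK_SUBJECT))
        return 0;               /* RFC 6125 6.3: DNS-ID present, so no CN-ID match */
    return c->cn != NULL && eq_nocase(c->cn, ref);
}

int main(void)
{
    printf("SAN+CN, ref=CN, default: %d\n", model_check_host(&san_and_cn, "cn.example", 0));
    printf("CN only, ref=CN, default: %d\n", model_check_host(&cn_only, "cn.example", 0));
    return 0;
}
```

The CN-only certificate is the case the quoted reply is about: it matches by default in this model, and only the never-check-subject setting rejects it.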

