OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

Kurt Roeckx kurt at roeckx.be
Wed Aug 11 19:20:42 UTC 2021


On Wed, Aug 11, 2021 at 09:53:14PM +0300, Nicola Tuveri wrote:
> On the other hand, 1.1.1 is not in its last year of support so it is not
> limited to security fixes only.
> 
> The commits which this vote proposes to revert fixed a bug that produced
> invalid output from functions with a clear intent.
> This might have security repercussions, as the user might end up signing
> something which is unexpectedly invalid.
> But even without concrete security vulnerabilities on record, if we
> classify invalid output as a bug this should be fixed in 1.1.1.
> 
> There are applications that might be broken, because they relied on the
> buggy behavior for producing invalid output as intermediate data, but, as
> mentioned in #16266, there are ways of producing the required non-x509 data
> without abusing functions meant to produce valid x509.
> 
> It is unfortunate for existing applications to break upon a patch release,
> but given that patch releases for 1.1.1 are meant to fix security defects
> and bugs, this is inevitable for any application relying on buggy behavior
> (especially as in the case that triggered this discussion, which configures
> a clear abuse of the API, while alternative non-abusive ways of achieving
> the intended result exist).

There are a lot of things we accept in a certificate we shouldn't.
And I would like to fix all of them. But fixing them in stable
branches is going to cause people problems and prevent them from
upgrading to a newer version and getting other security fixes.
I prefer to only do breaking changes in a minor version.


Kurt


