SSL_CTX_set_verify uses the "wrong" certificate chain (cross signed certificate )
Viktor Dukhovni
openssl-users at dukhovni.org
Sun Oct 3 15:37:12 UTC 2021
On Sun, Oct 03, 2021 at 01:54:44PM +0200, Alex Robuchon wrote:
> Thanks for the detailed answer.
>
> From strace I can see that I'm using /lib/x86_64-linux-gnu/libssl.so.1.1
>
> When I use the eventmachine lib that uses the wrong cert chain I can see
> with strace :
Run as far away from eventmachine as you can. The very first thing you
see in the code is a compiled in default "private key" (for all the
world to share).
https://github.com/eventmachine/eventmachine/blob/5cac87805f26b5cdc29eca713871c3374131d786/ext/ssl.cpp#L30-L123
Though applications can override these, and supply actual private keys,
it does not get better from there... The comments in the code show the
author punting on understanding the OpenSSL API and just guessing what
to do.
Indeed the code creates SSL_CTX objects without specifying either the
default or explicit trust stores.
The real disaster is in:
https://github.com/eventmachine/eventmachine/blob/5cac87805f26b5cdc29eca713871c3374131d786/ext/ssl.cpp#L675-L698
with a completely broken SSL verification callback, that completely
ignores all errors from the chain construction and signature
verification code, and just attempts to "verify" each certificate in
*isolation*.
https://github.com/eventmachine/eventmachine/blob/5cac87805f26b5cdc29eca713871c3374131d786/ext/ssl.cpp#L693-L697
This means:
* No verification of chain signatures
* No verification of path constraints
* No verification of name constraints
* No hostname checks.
* ...
This code was written by someone too clueless to know what they're
doing and too lazy to bother to learn. DO NOT USE IT.
Do whatever it takes to never rely on this code again. Even abandon
Ruby if that's what it takes...
--
Viktor.
More information about the openssl-users
mailing list