OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Balazs Scheidler (bazsi_at_balabit.hu)
Date: Thu Aug 08 2002 - 10:28:57 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Thu, Aug 08, 2002 at 01:38:46PM +0200, Balazs Scheidler wrote:
    > On Mon, Aug 05, 2002 at 04:03:29PM -0700, Mike Benham wrote:
    >
    > > However, there is a slightly more complicated scenario. Sometimes it is
    > > convenient to delegate signing authority to more localized authorities.
    > > In this case, the administrator of www.thoughtcrime.org would get a chain
    > > of certificates from the localized authority:
    > >
    > > [Issuer: VeriSign / Subject: VeriSign]
    > > -> [Issuer: VeriSign / Subject: Intermediate CA]
    > > -> [Issuer: Intermediate CA / Subject: www.thoughtcrime.org]
    > >
    > > When a web browser receives this, it should verify that the CN field of
    > > the leaf certificate matches the domain it just connected to, that it's
    > > signed by the intermediate CA, and that the intermediate CA is signed by a
    > > known CA certificate. Finally, the web browser should also check that all
    > > intermediate certificates have valid CA Basic Constraints.
    > >
    > > You guessed it, Internet Explorer does not check the Basic Constraints.
    >
    > As OpenSSL's default verify callback does not check basic constraints,
    > clients that utilize openssl as backend, and verify server certificates can
    > be affected too.
    >
    > w3m for example does no basic constraints checking on its own, and neither
    > does lynx.
    >
    > As I see the curl library does no basic constraints checking, so anything
    > that uses curl to fetch https urls are affected too.
    >
    > As a final example, stunnel does not check basic constraints either. The
    > latter is usually using self generated certificates, so the impact is not
    > that severe.
    >
    > An untested (but compiling) code fragment which checks basicConstraints.ca
    > field is below (it is to be insterted into the SSL verify_callback):

    Update: I was wrong claiming openssl does not check basic constraints by
    default. I was looking at the wrong code, it is implemented in crypto/x509v3
    where purpose checking is implemented.

    So programs using openssl are safe. 

    -- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1