|

»

gnutls_x509_crt_check_hostname()

View: New views

8 Messages — Rating Filter: Alert me

	gnutls_x509_crt_check_hostname() by Daniel Stenberg :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hey gnutls'ers! When I pass a cert and a hostname to the gnutls_x509_crt_check_hostname() function (I'm using 2.8.1-2 on a Debian Linux here), I'm seeing a problem I'd like your feedback on! If the server cert has a subjectAltName field that doesn't match, but also a CN that matches, it seems this function happily returns OK. The way I'm reading RFC2818, that's not what it is supposed to do: If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Am I wrong? -- / daniel.haxx.se _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls
	Re: gnutls_x509_crt_check_hostname() by Simon Josefsson-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Daniel Stenberg <daniel@...> writes: > Hey gnutls'ers! > > When I pass a cert and a hostname to the > gnutls_x509_crt_check_hostname() function (I'm using 2.8.1-2 on a > Debian Linux here), I'm seeing a problem I'd like your feedback on! > > If the server cert has a subjectAltName field that doesn't match, but > also a CN that matches, it seems this function happily returns OK. The > way I'm reading RFC2818, that's not what it is supposed to do: > > If a subjectAltName extension of type dNSName is present, that MUST > be used as the identity. Otherwise, the (most specific) Common Name > field in the Subject field of the certificate MUST be used. > > Am I wrong? I agree with you. Looking at the code, though, it seems that at a first glance both the comments and the code suggests that this situation is taken into account. I've noticed that the code fails to check return values, so a corrupt SAN might be skipped, but I'm not sure if that applies in your situation. Can you post the certificate, or create one that exhibits the same problem? We'll need to do a 2.8.3 shortly so if there is another problem in this area, it would be nice to fix it at the same time. /Simon _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls
	Re: gnutls_x509_crt_check_hostname() by Daniel Stenberg :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Wed, 12 Aug 2009, Simon Josefsson wrote: > Can you post the certificate, or create one that exhibits the same problem? Yes I can. I have the luxury of actually being able to repeat this problem within the curl test suite (test 311). This test was just added and thus made me notice this flaw... The exact cerficates used for this test are found here: http://cool.haxx.se/cvs.cgi/curl/tests/certs/ The "Server-localhost0h-sv.pem" is used for the server cert, while EdelCurlRoot-ca.crt is the cacert. -- / daniel.haxx.se _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls
	Re: gnutls_x509_crt_check_hostname() by Simon Josefsson-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message FWIW, I extended the self-test to check the situation you describe, and as far as I can tell it appears to do the right thing. Code in: http://git.savannah.gnu.org/cgit/gnutls.git/diff/tests/hostname-check.c http://git.savannah.gnu.org/cgit/gnutls.git/diff/tests/utils.c Compile as gcc -o hostname-check hostname-check.c -lgnutls utils.c Expected output is ... Testing pem9... Hostname correctly does not match (0) Hostname correctly matches (1) ... /Simon _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls
	Re: gnutls_x509_crt_check_hostname() by Simon Josefsson-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Daniel Stenberg <daniel@...> writes: > On Wed, 12 Aug 2009, Simon Josefsson wrote: > >> Can you post the certificate, or create one that exhibits the same problem? > > Yes I can. I have the luxury of actually being able to repeat this > problem within the curl test suite (test 311). This test was just > added and thus made me notice this flaw... > > The exact cerficates used for this test are found here: > http://cool.haxx.se/cvs.cgi/curl/tests/certs/ > > The "Server-localhost0h-sv.pem" is used for the server cert, while > EdelCurlRoot-ca.crt is the cacert. Thanks. The extra spice needed here is that the SAN contains an embedded NUL. This is what I feared would happen if we return an error when NUL in CN/SAN values is discovered: some other code incorrectly uses the error to mean that there is no valid SAN field at all, and proceeds to check the CN instead. Possibly we need to return valid data, but make sure any NULs are correctly LDAP-escaped. Maybe we can come up with a simpler solution... /Simon _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls
	Re: gnutls_x509_crt_check_hostname() by Simon Josefsson-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Daniel Stenberg <daniel@...> writes: > On Wed, 12 Aug 2009, Simon Josefsson wrote: > >> Can you post the certificate, or create one that exhibits the same problem? > > Yes I can. I have the luxury of actually being able to repeat this > problem within the curl test suite (test 311). This test was just > added and thus made me notice this flaw... > > The exact cerficates used for this test are found here: > http://cool.haxx.se/cvs.cgi/curl/tests/certs/ > > The "Server-localhost0h-sv.pem" is used for the server cert, while > EdelCurlRoot-ca.crt is the cacert. Looking into this further, I'm not able to reproduce it... The code below, that uses your cert, works for me with 2.8.2. It appears as if the patch that went into 2.8.2 to fix the security issue is effective. Am I doing something wrong? If you can convert the code into a test that incorrectly fails with 2.8.2 (or upcoming 2.8.3) it will be easier for me to fix it. jas@mocca:~$ gcc -o test test.c -lgnutls jas@mocca:~$ ./test Hostname correctly does not match (0) jas@mocca:~$ /Simon /* * Copyright (C) 2007, 2009 Free Software Foundation * * Author: Simon Josefsson * * This file is part of GNUTLS. * * GNUTLS is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GNUTLS is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GNUTLS; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA / #include <string.h> #include <stdio.h> #include <gnutls/gnutls.h> #include <gnutls/x509.h> / Certificate with SAN and CN that match iff you truncate the SAN to the embedded NUL. */ char pem[] = "X.509 Certificate Information:\n" " Version: 3\n" " Serial Number (hex): 0b5d0a870d09\n" " Issuer: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=Nothern Nowhere Trust Anchor\n" " Validity:\n" " Not Before: Tue Aug 04 22:07:33 UTC 2009\n" " Not After: Sat Oct 21 22:07:33 UTC 2017\n" " Subject: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=localhost\n" " Subject Public Key Algorithm: RSA\n" " Modulus (bits 1024):\n" " be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23:36:f5\n" " c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd:16:90:eb\n" " f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82:57:ab:5f:b5\n" " ba:5c:a0:48:8c:82:77:fd:67:d8:53:44:61:86:a5:06\n" " 19:bf:73:51:68:2e:1a:0a:c5:05:39:ca:3d:ca:83:ed\n" " 07:fe:ae:b7:73:1d:60:dd:ab:9e:0e:7e:02:f3:68:42\n" " 93:27:c8:5f:c5:fa:cb:a9:84:06:2f:f3:66:bd:de:7d\n" " 29:82:57:47:e4:a9:df:bf:8b:bc:c0:46:33:5a:7b:87\n" " Exponent (bits 24):\n" " 01:00:01\n" " Extensions:\n" " Subject Alternative Name (not critical):\n" "warning: SAN contains an embedded NUL, replacing with '!'\n" " DNSname: localhost!h\n" " Key Usage (not critical):\n" " Key encipherment.\n" " Key Purpose (not critical):\n" " TLS WWW Server.\n" " Subject Key Identifier (not critical):\n" " 0c37a3db0f73b3388a69d36eb3a7d6d8774eda67\n" " Authority Key Identifier (not critical):\n" " 126b24d24a68b7a1b01ccdbfd64ccc405b7fe040\n" " Basic Constraints (critical):\n" " Certificate Authority (CA): FALSE\n" " Signature Algorithm: RSA-SHA\n" " Signature:\n" " 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31\n" " fa:2f:7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9\n" " e6:cf:c8:77:bd:85:16:d7:9f:18:52:78:3f:ea:9c:86\n" " 62:6e:db:90:b0:cd:f1:c1:6f:2d:87:4a:a0:be:b3:dc\n" " 6d:e4:6b:d1:da:b9:10:25:7e:35:1f:1b:aa:a7:09:2f\n" " 84:77:27:b0:48:a8:6d:54:57:38:35:22:34:03:0f:d4\n" " 5d:ab:1c:72:15:b1:d9:89:56:10:12:fb:7d:0d:18:12\n" " a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb:92:6c\n" " 55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18\n" " a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d\n" " 7a:39:c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9\n" " 5f:c4:3d:cb:81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2\n" " fb:ab:c6:0e:a2:01:8b:a1:42:73:de:96:29:3e:bf:d7\n" " d9:51:a7:d4:98:07:7f:f0:f4:cd:00:a1:e1:ac:6c:05\n" " ac:ab:93:1b:b0:5c:2c:13:ad:ff:27:dc:80:99:34:66\n" " bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52:28:61:5e:bd\n" "Other Information:\n" " MD5 fingerprint:\n" " 0b4d6d944200cdd1639008b24dc0fe0a\n" " SHA-1 fingerprint:\n" " ce85660f5451b0cc12f525577f0eb9411a20c76b\n" " Public Key Id:\n" " a1d18c15e65c7c4935512eeea7ca5d3e6baad4e1\n" "\n" "-----BEGIN CERTIFICATE-----\n" "MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\n" "Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo\n" "IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X\n" "DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv\n" "BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx\n" "EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" "vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1\n" "ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC\n" "kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV\n" "HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB\n" "BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA\n" "FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF\n" "BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef\n" "GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX\n" "ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L\n" "gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t\n" "170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt\n" "/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=\n" "-----END CERTIFICATE-----\n"; int main (void) { gnutls_x509_crt_t cert; gnutls_datum_t data; int ret; ret = gnutls_global_init (); if (ret < 0) printf ("gnutls_global_init: %d\n", ret); ret = gnutls_x509_crt_init (&cert); if (ret < 0) printf ("gnutls_x509_crt_init: %d\n", ret); data.data = pem; data.size = strlen (pem); ret = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_PEM); if (ret < 0) printf ("gnutls_x509_crt_import: %d\n", ret); ret = gnutls_x509_crt_check_hostname (cert, "localhost"); if (ret) printf ("Hostname incorrectly matches (%d)\n", ret); else printf ("Hostname correctly does not match (%d)\n", ret); gnutls_x509_crt_deinit (cert); gnutls_global_deinit (); return 0; } _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls
	Re: gnutls_x509_crt_check_hostname() by Simon Josefsson-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message D'oh - you said in your first e-mail that you were using 2.8.1. The problem was fixed in 2.8.2. So try upgrading. /Simon _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls
	Re: gnutls_x509_crt_check_hostname() by Daniel Stenberg :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Thu, 13 Aug 2009, Simon Josefsson wrote: > If you can convert the code into a test that incorrectly fails with 2.8.2 > (or upcoming 2.8.3) it will be easier for me to fix it. Confirmed to work properly in 2.8.3. Thanks! Sorry for the noise. -- / daniel.haxx.se _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls