Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
On Mon, Sep 05, 2011 at 02:15:31PM -0500, Raphael Geissert wrote:
> On Sunday 04 September 2011 05:55:27 Kurt Roeckx wrote:
> > On Sun, Sep 04, 2011 at 12:02:48PM +0200, Kurt Roeckx wrote:
> > > Their is also openssl-blacklist, but it doesn't seem to have
> > > much users.
> However, opensl-blacklist only includes a program that checks wether a
> certificate is weak, nothing in it AFAICS actually blocks them. It's basically
> useless for this case.
It could theoreticly also be used to block any certificate if
we'd know the public key. But I agree it's useless for this case.
> > After having read the bug report, I think we need to have a way
> > to say that we don't trust a CA, or have a concept for which
> > things we do trust a CA. I think NSS has this concept, but
> > openssl or ca-certificates clearly can't express this currently.
> > An other way of saying the same thing would be to be able to
> > blacklist a CA. The openssl-blacklist only contains a list of
> > blocked certificates, but nothing in it now checks the trust
> > path to see if it's used anywhere in the chain.
> The only currently supported methods are OCSP and CRL, but none would do the
> trick in this case.
I guess OCSP/CRL is only called for the top most certificate, and all
the CAs in the chain aren't checked in most applications. I thought
I read Entrust revoked their signature, and in theory that should
At least the openssl "verify" util has a "-crl_check", and
"-crl_check_all", but it doesn't do OCSP.
> I was thinking about hard-coding a check for CN=* DigiNotar * most likely in
> libcrypto's X.509 support, but so far my lack of knowledge of OpenSSL's
> internals has me a bit lost.
> Hard-coding it is suboptimal, but I think it is the only reasonable solution
> for the time being. We can't wait weeks or months for a better solution.
> What do you think about making such change?
So you're basicly saying that X509_verify_cert() should give an
error in case it finds DigiNotar somewhere in the chain?
I'm not opposed to such a change, but would like to see a better
option in the future.