[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

On Mon, Sep 05, 2011 at 02:15:31PM -0500, Raphael Geissert wrote:
> On Sunday 04 September 2011 05:55:27 Kurt Roeckx wrote:
> > On Sun, Sep 04, 2011 at 12:02:48PM +0200, Kurt Roeckx wrote:
> > > Their is also openssl-blacklist, but it doesn't seem to have
> > > much users.
> However, opensl-blacklist only includes a program that checks wether a 
> certificate is weak, nothing in it AFAICS actually blocks them. It's basically 
> useless for this case.

It could theoreticly also be used to block any certificate if
we'd know the public key.  But I agree it's useless for this case.

> > After having read the bug report, I think we need to have a way
> > to say that we don't trust a CA, or have a concept for which
> > things we do trust a CA.  I think NSS has this concept, but
> > openssl or ca-certificates clearly can't express this currently.
> > 
> > An other way of saying the same thing  would be to be able to
> > blacklist a CA.  The openssl-blacklist only contains a list of
> > blocked certificates, but nothing in it now checks the trust
> > path to see if it's used anywhere in the chain.
> The only currently supported methods are OCSP and CRL, but none would do the 
> trick in this case.

I guess OCSP/CRL is only called for the top most certificate, and all
the CAs in the chain aren't checked in most applications.  I thought
I read Entrust revoked their signature, and in theory that should
be enough.

At least the openssl "verify" util has a "-crl_check", and
"-crl_check_all", but it doesn't do OCSP.

> I was thinking about hard-coding a check for CN=* DigiNotar * most likely in 
> libcrypto's X.509 support, but so far my lack of knowledge of OpenSSL's 
> internals has me a bit lost.
> Hard-coding it is suboptimal, but I think it is the only reasonable solution 
> for the time being. We can't wait weeks or months for a better solution.
> What do you think about making such change?

So you're basicly saying that X509_verify_cert() should give an
error in case it finds DigiNotar somewhere in the chain?

I'm not opposed to such a change, but would like to see a better
option in the future.


Reply to: