[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

[Kurt, please CC me on your replies. The BTS' -subscribe functionality doesn't 
seem to be working]
[CC'ing ubuntu sec, in case Kees or Jamie or whoever is taking care of the 
issue is also working on something to completely block DigiNotar]

On Monday 05 September 2011 14:55:50 Kurt Roeckx wrote:
> On Mon, Sep 05, 2011 at 02:15:31PM -0500, Raphael Geissert wrote:
> > The only currently supported methods are OCSP and CRL, but none would do
> > the trick in this case.
> I guess OCSP/CRL is only called for the top most certificate, and all
> the CAs in the chain aren't checked in most applications.  I thought
> I read Entrust revoked their signature, and in theory that should
> be enough.

As long as the client becomes aware of that revocation, yes.
DigiNotar's PKIOverheid CA also needs to be blocked. I don't remember reading 
any report of the gov already revoking it.

> At least the openssl "verify" util has a "-crl_check", and
> "-crl_check_all", but it doesn't do OCSP.

Yes, there's X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL.
OCSP can be checked with openssl ocsp, IIRC.

> > I was thinking about hard-coding a check for CN=* DigiNotar * most likely
> > in libcrypto's X.509 support, but so far my lack of knowledge of
> > OpenSSL's internals has me a bit lost.
> > Hard-coding it is suboptimal, but I think it is the only reasonable
> > solution for the time being. We can't wait weeks or months for a better
> > solution.
> > 
> > What do you think about making such change?
> So you're basicly saying that X509_verify_cert() should give an
> error in case it finds DigiNotar somewhere in the chain?
> I'm not opposed to such a change, but would like to see a better
> option in the future.

Yes. I will try to spend some time with a debugger later today to find the 
right place to implement such check. Or do you have any hint? (the cn 
validation functions didn't seem to be executed in one case I tried)

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to: