Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
On Wed, Sep 07, 2011 at 10:06:55PM -0500, Raphael Geissert wrote:
> On Wednesday 07 September 2011 10:57:51 Raphael Geissert wrote:
> > On Monday 05 September 2011 14:55:50 Kurt Roeckx wrote:
> > > So you're basicly saying that X509_verify_cert() should give an
> > > error in case it finds DigiNotar somewhere in the chain?
> > >
> > > I'm not opposed to such a change, but would like to see a better
> > > option in the future.
> > Yes. I will try to spend some time with a debugger later today to find the
> > right place to implement such check. Or do you have any hint? (the cn
> > validation functions didn't seem to be executed in one case I tried)
> Attached is the first version of patch against the 1.0.0 series that does that.
> I implemented it in check_name_constraints, but given that 0.9.8 doesn't have
> support for name constraints I might as well move it to a separate function.
> I've tested it on the rogue *.google.com cert with verify(1) and a few others
> with different clients (tried the urls mentioned on the bug report, of which
> only ingcommercialbanking still uses a DigiNotar cert.)
> Attached are a bundle of the certs needed to verify(1) the rogue google cert,
> and the rogue cert itself. Perhaps they could be included in the test suite.
> The patch for 0.9.8 is also attached, but I haven't tested it yet. It was made
> based on squeeze's openssl and it seems to apply fine to lenny's openssl (just
> a few lines of difference.)
I wonder why you don't use the same patch for both. I think the
check_name_constraints() actually tries to test something else,
like that it's a well-formed name or something. So the new function
makes more sense to me.
Looking at the patch, it seems to make sense to me.
> Kurt, what do you think? would upstream be interested in the patch, or at
> least in reviewing it?
I can always try and ask them.