
Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA



On Thursday 08 September 2011 16:57:56 Kurt Roeckx wrote:
> On Wed, Sep 07, 2011 at 10:06:55PM -0500, Raphael Geissert wrote:
> > The patch for 0.9.8 is also attached, but I haven't tested it yet. It was
> > made based on squeeze's openssl and it seems to apply fine to lenny's
> > openssl (just a few lines of difference.)
> 
> I wonder why you don't use the same patch for both.  I think the
> check_name_constraints() actually tries to test something else,
> like that it's a well-formed name or something.  So the new function
> makes more sense to me.

Yes, I rewrote the patch for 1.0.0 after my last message but it was pending a 
rebuild and re-test. I've attached it now.

I had the chance of testing the 098.v1 patch on squeeze and it passed all my 
tests. I haven't tested it on lenny yet, since the build system seems to be 
tricky and keeps modifying files even on debian/rules clean.

> > Kurt, what do you think? Would upstream be interested in the patch, or at
> > least in reviewing it?
> 
> I can always try and ask them.

It'd be great if you handled that part.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Description: make X509_verify_cert indicate that any certificate whose
 name contains "DigiNotar" is revoked.
Origin: vendor
Forwarded: no
Last-Update: 2011-09-08
Bug: http://bugs.debian.org/639744

Index: openssl-1.0.0d/crypto/x509/x509_vfy.c
===================================================================
--- openssl-1.0.0d.orig/crypto/x509/x509_vfy.c
+++ openssl-1.0.0d/crypto/x509/x509_vfy.c
@@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *c
 static int check_revocation(X509_STORE_CTX *ctx);
 static int check_cert(X509_STORE_CTX *ctx);
 static int check_policy(X509_STORE_CTX *ctx);
+static int check_ca_blacklist(X509_STORE_CTX *ctx);
 
 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
 			unsigned int *preasons,
@@ -374,6 +375,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
 		ok=internal_verify(ctx);
 	if(!ok) goto end;
 
+	ok = check_ca_blacklist(ctx);
+	if(!ok) goto end;
+
 #ifndef OPENSSL_NO_RFC3779
 	/* RFC 3779 path validation, now that CRL check has been done */
 	ok = v3_asid_validate_path(ctx);
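Review bot: the new check is placed after internal_verify(), so the blacklist is consulted only once the whole chain has been built and its signatures, validity periods and (per the RFC 3779 comment that follows) CRLs have already been checked; a chain containing a DigiNotar certificate therefore pays the full verification cost before being rejected, and a chain that already fails for some other reason never reports X509_V_ERR_CERT_REVOKED. Consider moving `ok = check_ca_blacklist(ctx); if(!ok) goto end;` to just after the chain is complete and before the revocation checks, so the hard failure surfaces first and cheaply; the call only walks ctx->chain, so it does not depend on anything internal_verify() computes.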
@@ -820,6 +824,29 @@ static int check_crl_time(X509_STORE_CTX
 	return 1;
 	}
 
+static int check_ca_blacklist(X509_STORE_CTX *ctx)
+	{
+	X509 *x;
+	int i;
+	/* Check all certificates against the blacklist */
+	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+		{
+		x = sk_X509_value(ctx->chain, i);
+		/* Mark DigiNotar certificates as revoked, no matter
+		 * where in the chain they are.
+		 */
+		if (x->name && strstr(x->name, "DigiNotar"))
+			{
+			ctx->error = X509_V_ERR_CERT_REVOKED;
+			ctx->error_depth = i;
+			ctx->current_cert = x;
+			if (!ctx->verify_cb(0,ctx))
+				return 0;
+			}
+		}
+	return 1;
+	}
+
 static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
 			X509 **pissuer, int *pscore, unsigned int *preasons,
 			STACK_OF(X509_CRL) *crls)
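Review bot: `strstr(x->name, "DigiNotar")` is a case-sensitive substring test on each chain member's own cached name string, so a spelling such as `Diginotar` or `DIGINOTAR` would not match, any name attribute containing the string matches (not only a CA name), and the issuing CA is covered only when its certificate is itself present in ctx->chain; the Description in the header should state these limits. Rejection is routed through ctx->verify_cb like the other checks in this file, so an application callback that returns 1 for every error still accepts the chain; that is consistent with existing behaviour but deserves a comment above the function, e.g. `/* Reject any chain containing a DigiNotar certificate (Debian #639744). */`, which also documents why X509_V_ERR_CERT_REVOKED is reused rather than a dedicated error code.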
