Re: IE SSL Vulnerability

From: Balazs Scheidler (bazsiat_private)
Date: Thu Aug 08 2002 - 08:28:57 PDT

Next message: Chris: "Re: CSS bug in Winamp"

Previous message: Torbjörn Hovmark: "Re: IE SSL Vulnerability"
In reply to: Balazs Scheidler: "Re: IE SSL Vulnerability"
Next in thread: Torbjörn Hovmark: "Re: IE SSL Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 08, 2002 at 01:38:46PM +0200, Balazs Scheidler wrote:
> On Mon, Aug 05, 2002 at 04:03:29PM -0700, Mike Benham wrote:
> 
> > However, there is a slightly more complicated scenario.  Sometimes it is
> > convenient to delegate signing authority to more localized authorities.
> > In this case, the administrator of www.thoughtcrime.org would get a chain
> > of certificates from the localized authority:
> > 
> > [Issuer: VeriSign / Subject: VeriSign]
> > -> [Issuer: VeriSign / Subject: Intermediate CA]
> >    -> [Issuer: Intermediate CA / Subject: www.thoughtcrime.org]
> > 
> > When a web browser receives this, it should verify that the CN field of
> > the leaf certificate matches the domain it just connected to, that it's
> > signed by the intermediate CA, and that the intermediate CA is signed by a
> > known CA certificate.  Finally, the web browser should also check that all
> > intermediate certificates have valid CA Basic Constraints.
> > 
> > You guessed it, Internet Explorer does not check the Basic Constraints.
> 
> As OpenSSL's default verify callback does not check basic constraints,
> clients that utilize openssl as backend, and verify server certificates can
> be affected too.
> 
> w3m for example does no basic constraints checking on its own, and neither
> does lynx.
> 
> As I see the curl library does no basic constraints checking, so anything
> that uses curl to fetch https urls are affected too.
> 
> As a final example, stunnel does not check basic constraints either. The
> latter is usually using self generated certificates, so the impact is not
> that severe.
> 
> An untested (but compiling) code fragment which checks basicConstraints.ca
> field is below (it is to be insterted into the SSL verify_callback):

Update: I was wrong claiming openssl does not check basic constraints by
default. I was looking at the wrong code, it is implemented in crypto/x509v3
where purpose checking is implemented.

So programs using openssl are safe.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

Next message: Chris: "Re: CSS bug in Winamp"
Previous message: Torbjörn Hovmark: "Re: IE SSL Vulnerability"
In reply to: Balazs Scheidler: "Re: IE SSL Vulnerability"
Next in thread: Torbjörn Hovmark: "Re: IE SSL Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Aug 10 2002 - 19:25:40 PDT