Re: SSL Alternative Subject Name validation

Maxim Dounin
August 06, 2016 09:32AM
Hello!

On Thu, Aug 04, 2016 at 05:07:35PM +0200, Bart Warmerdam wrote:

> Hello,
>
> According to src/event/ngx_event_openssl.c (line ~ 3094)
>
> /*
> * As per RFC6125 and RFC2818, we check subjectAltName extension,
> * and if it's not present - commonName in Subject is checked.
> */
>
> But according to the https://tools.ietf.org/html/rfc6125 the validation this
> case is more restrictive:
>
> o If a subjectAltName extension of type dNSName is present in the
> certificate, it SHOULD be used as the source of the server's
> identity.
>
> This means that if e.g. an email address (GEN_EMAIL) is part of the
> subjectAltName, and no DNSName is present, the CN name is never checked in
> this case. I'd expect the CN to be checked in this case. The jump to the
> failed label should only be done if there was at least one DNSName. Do you
> share this view and do you accept a patch for this?

The quote above seems to be from a previous RFC as incorporated in
RFC 6125, Appendix B. This section is non-normative.

On the other hand, section 6.3 says:

Security Warning: A client MUST NOT seek a match for a reference
identifier of CN-ID if the presented identifiers include a DNS-ID,
SRV-ID, URI-ID, or any application-specific identifier types
supported by the client.

Moreover, use of CN-ID is strictly optional as per section 6.2.1:

o The list MAY include a CN-ID, mainly for the sake of backward
compatibility with deployed infrastructure.

That is, not checking CN at all is still perfectly compatible with
RFC 6125. The above is additionally summarized in the section
6.4.4, "Checking of Common Names".

The current code only checks CN if there is no subjectAltName
extension at all, and this approach looks safe while still
providing backward compatibility. I don't think this should be
changed unless there are good practical reasons to do so.

Note well that the code in question exists only to support old
versions of OpenSSL. With OpenSSL 1.0.2+ the X509_check_host()
function will be used instead.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
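The policy discussed above (consult the commonName only when the certificate carries no subjectAltName extension at all, and never when a subjectAltName is present but holds no dNSName), as an added illustration that is not nginx's code. It models the check on the dictionary shape returned by Python's ssl.SSLSocket.getpeercert(); the certificates are constructed for the example.

```python
# Added example modelling the identity-check policy from the thread; not nginx's code.
# Input shape follows ssl.SSLSocket.getpeercert(): 'subjectAltName' is present only
# when the certificate actually carries that extension.

def _dns_match(pattern: str, hostname: str) -> bool:
    """Match a DNS-ID against a hostname in the spirit of RFC 6125 section 6.4.3.
    Stricter than the RFC allows: a wildcard must be the whole left-most label,
    matches exactly one label, and needs at least two labels after it."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def verify_hostname(cert: dict, hostname: str) -> bool:
    san = cert.get("subjectAltName")
    if san is not None:
        # subjectAltName extension present: it is the only identity source.
        # Per RFC 6125 section 6.3 the CN-ID is not consulted, even when the
        # list holds no DNS-ID (e.g. only an email entry): the case raised above.
        return any(kind == "DNS" and _dns_match(value, hostname) for kind, value in san)
    # No subjectAltName extension at all: fall back to commonName in Subject.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_match(value, hostname):
                return True
    return False


# Constructed sample certificates (values made up for illustration).
SAN_DNS_ONLY = {"subject": ((("commonName", "other.example"),),),
                "subjectAltName": (("DNS", "*.example.com"),)}
SAN_EMAIL_ONLY = {"subject": ((("commonName", "mail.example.com"),),),
                  "subjectAltName": (("email", "admin@example.com"),)}
CN_ONLY = {"subject": ((("commonName", "legacy.example.com"),),)}

if __name__ == "__main__":
    print(verify_hostname(SAN_DNS_ONLY, "www.example.com"))    # True: DNS-ID wildcard
    print(verify_hostname(SAN_DNS_ONLY, "other.example"))      # False: CN ignored
    print(verify_hostname(SAN_EMAIL_ONLY, "mail.example.com"))  # False: SAN without DNS-ID
    print(verify_hostname(CN_ONLY, "legacy.example.com"))      # True: CN fallback
```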