curl and certificate verification in jessie
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Dec 4 16:53:05 UTC 2014
On 12/04/2014 10:41 AM, Ian Jackson wrote:
> I'm not an expert on TLS but I was under the impression that this
> behaviour - requiring that TLS authentication be done by a nontrivial
> certificate chain - was specified by the standards (presumably X.509
> rather than TLS). I could be wrong.
FWIW, i'm not convinced that there are any standards that say that a TLS
endpoint MUST validate its peer by means of a hierarchical CA.
even if there were, i suspect most implementations would provide a
mechanism to ignore that MUST.
The issue here is that GnuTLS upstream apparently wants to distinguish
between the "here's a CA" case and the "here's a certificate that's
valid for this host" case. 
The main argument seems to be that if you decide you are willing to rely
on a CA, that means you're accepting anything they give you.
But if you say "i believe this cert is ok for a peer" with no other
information, you're actually accepting the cert for *any* of the
subjectAltNames it has.
This makes it far too easy for me to visit https://some.random.example
and "accept" their cert, but not notice that the cert also has
alioth.debian.org as a subjectAltName. now the administrator of
some.random.example can impersonate alioth to me.
So, the idea is that when you "accept" an EE cert, you need to do it
with an explicit associate to a specific peer's name, not just the cert
itself. newer versions of GnuTLS provide this facility, but it's not
the traditional (and potentially dangerous) "here's a package of certs
i'm OK with" interface that it was before. And of course that interface
isn't used by curl yet.
Unfortunately, this is quite a subtle API change, and it's not clear how
to do it safely or sanely.
I'm currently unsure what the right thing to do is about this situation.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 949 bytes
Desc: OpenPGP digital signature
More information about the Pkg-gnutls-maint