[Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

[Raphael Geissert]

On Sunday 04 September 2011 05:55:27 Kurt Roeckx wrote:
> On Sun, Sep 04, 2011 at 12:02:48PM +0200, Kurt Roeckx wrote:
> > Their is also openssl-blacklist, but it doesn't seem to have
> > much users.

However, opensl-blacklist only includes a program that checks wether a 
certificate is weak, nothing in it AFAICS actually blocks them. It's basically 
useless for this case.

> After having read the bug report, I think we need to have a way
> to say that we don't trust a CA, or have a concept for which
> things we do trust a CA.  I think NSS has this concept, but
> openssl or ca-certificates clearly can't express this currently.
> 
> An other way of saying the same thing  would be to be able to
> blacklist a CA.  The openssl-blacklist only contains a list of
> blocked certificates, but nothing in it now checks the trust
> path to see if it's used anywhere in the chain.

The only currently supported methods are OCSP and CRL, but none would do the 
trick in this case.

I was thinking about hard-coding a check for CN=* DigiNotar * most likely in 
libcrypto's X.509 support, but so far my lack of knowledge of OpenSSL's 
internals has me a bit lost.
Hard-coding it is suboptimal, but I think it is the only reasonable solution 
for the time being. We can't wait weeks or months for a better solution.

What do you think about making such change?

> If we want to add something, it would be nice if all SSL/TLS
> libraries could do that.  As far as I know, this currently
> includes:
> - openssl
> - gnutls
> - nss
> - polarssl
> 
> I think I'm forgetting something for java.  And have the feeling
> I still forget something else.

Java: JSSE (but not sure what its status is in openjdk)
python-tlslite
yassl (cyassl now?), only used by mysql last time I checked
Not sure if we have a copy of cryptlib somewhere

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net