Is it me or is python playing games with OpenSSL?


Is it me or is python playing games with OpenSSL?

Kevin Chadwick-4
https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_set1_host.html

They say they NEED this because they can delete a whole load of code
that could have security bugs.

Perhaps I am wrong but upon a quick glance, doesn't this just boil
down to some simple ORing?

How does this sit with
https://www.openbsd.org/papers/eurobsdcon2014-libressl.html

The ressl API does provide one noteworthy feature. Hostname
verification. In order to make a secure TLS connection, you must do two
things. Validate the certificate and its trust chain. Then verify that
the hostname in the cert matches the hostname you've connected to. Lots
of people don't do the latter because OpenSSL doesn't do that latter.
You have to do it yourself, which requires knowing about things like
CommonNames and SubjectAltNames. The good news is that popular bindings
for languages like python and ruby include a function to verify the
hostname. The bad news is if you pick a python or ruby project at
random, they probably forget to do it. Another funny fact is that since
everybody has to write this code themselves, everybody does it a little
bit differently. Especially regarding handling of wildcard certificates
and everybody's favorite, embedded nul bytes. Hostname verification is
on by default in ressl, and the API is designed so that you always
provide a hostname; there's no way to accidentally call the function
that doesn't do verification.


Re: Is it me or is python playing games with OpenSSL?

Stuart Henderson
On 2018-02-08, Kevin Chadwick <[hidden email]> wrote:
> https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_set1_host.html
>
> They say they NEED this because they can delete a whole load of code
> that could have security bugs.
>
> Perhaps I am wrong but upon a quick glance, doesn't this just boil
> down to some simple ORing?

They want to use libcrypto's cert name checking. That's fine, libressl
has it too.

There are 2 ways to use it: one is by explicitly calling
X509_check_host; the other is to set a parameter with
X509_VERIFY_PARAM_set1_host and have it verified implicitly. In the
manual you cite, openssl are advising people to use that instead
because when sometime in the future they add DANE support, that will
automatically suppress the check.

libressl has the first fully (and that's enough to do what they want,
apart from the "won't do something that might be needed in the future"
bit).

The weird thing is that libressl *DOES* have the second function in
the library too, it's just not included in the public headers.
I still don't understand why..



> How does this sit with
> https://www.openbsd.org/papers/eurobsdcon2014-libressl.html
>
> The ressl API does provide one noteworthy feature. Hostname
> verification. In order to make a secure TLS connection, you must do two
> things. Validate the certificate and its trust chain. Then verify that
> the hostname in the cert matches the hostname you've connected to. Lots
> of people don't do the latter because OpenSSL doesn't do that latter.

That's about the sane/simple interface that is now called libtls.
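
Added example, not part of either message and not code from OpenSSL, LibreSSL or Python: an illustration of the name comparison that callers had to write themselves before relying on a library check such as X509_check_host, covering the two pitfalls named in the quoted paper (wildcard certificates and embedded NUL bytes). The helper `cert_name_matches` and the sample names are hypothetical, and the code assumes the host is a DNS name rather than an IP address.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* ASCII case-insensitive compare of n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Hypothetical helper (not a libcrypto function). name/name_len is one
 * dNSName from the certificate as a counted byte string; host is the DNS
 * name the client connected to. Returns 1 on match, 0 otherwise. */
int cert_name_matches(const unsigned char *name, size_t name_len,
                      const char *host)
{
    /* Certificate strings carry a length and may contain NUL bytes;
     * strcmp() would stop at the first one. Refuse such names. */
    if (name_len == 0 || memchr(name, '\0', name_len) != NULL)
        return 0;
    if (name_len == strlen(host) && eq_nocase(name, host, name_len))
        return 1;                           /* exact match */

    /* Wildcard: accepted only as the whole leftmost label ("*.x.y"). */
    if (name_len < 3 || name[0] != '*' || name[1] != '.')
        return 0;
    if (memchr(name + 1, '*', name_len - 1) != NULL)
        return 0;                           /* a second '*' */
    if (memchr(name + 2, '.', name_len - 2) == NULL)
        return 0;                           /* "*.com" is too broad */

    /* The '*' stands for exactly one non-empty label of the host. */
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;
    return strlen(dot) == name_len - 1 && eq_nocase(name + 1, dot, name_len - 1);
}

int main(void)
{
    /* Constructed sample: a name with an embedded NUL (23 bytes). */
    static const unsigned char evil[] = "good.example\0.evil.test";
    printf("%d\n", cert_name_matches(evil, sizeof evil - 1, "good.example"));
    printf("%d\n", cert_name_matches((const unsigned char *)"*.example.org", 13, "www.example.org"));
    return 0;
}
```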