Re: [7.8] Erroneous IssuerMismatch?
Locked
Re: [7.8] Erroneous IssuerMismatch?
 
|
Ah, this looks like VisualWorks’ chain order expectation is quite specific, i.e. I can force it to validate if I reorder the chain in the logical issuer precedence, validateCertificateChain: aCertificateChain ^connection session validateCertificateChain: (Array with: aCertificateChain first with: aCertificateChain third with: aCertificateChain second) asOrderedCollection for: self. Question is, which party to blame, VisualWorks’ implementation or the presentation of the chain by the server? As mentioned in the below email, OpenSSL seems to verify the presented chain just fine, so I’m leaning towards needing a fix on the VisualWorks’ end to not expect the chain to be ordered by the server, validateCertificateChain: chain "… The chain is expected to be ordered in the ascending order of the subject issuer relationship, i.e. subject before its issuer …" -Boris From: Boris Popov, DeepCove Labs In clean visual.im with HTTPS loaded, "trust a list of CAs provided by Mozilla" pem := (HttpClient get: 'http://curl.haxx.se/ca/cacert.pem') contents. bundle := CertificateFileReader new readFrom: pem readStream. X509Registry trustedCertificates addAll: bundle. "this shouldn't break?" HttpClient get: 'https://storage101.ord1.clouddrive.com'. Unhandled exception: Certificate Chain Invalid ! Security.X509.Certificate>>issuerMismatch: Security.X509.Certificate>>verifyIssuedBy: “using the same CA bundle with curl, things seem to work” C:\>curl -Iv --cacert cacert.bundle https://storage101.ord1.clouddrive.com * About to connect() to storage101.ord1.clouddrive.com port 443 (#0) * Trying 173.203.3.30... connected * Connected to storage101.ord1.clouddrive.com (173.203.3.30) port 443 (#0) * successfully set certificate verify locations: * CAfile: cacert.bundle CApath: none * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: O=storage101.ord1.clouddrive.com; OU=Go to https://www.thawte.com/repository/index.html; OU=Thawte SSL123 certificate; OU=Domain Validated; CN=storage101.ord1.clouddrive.com * start date: 2012-02-01 00:00:00 GMT * expire date: 2014-04-01 23:59:59 GMT * common name: storage101.ord1.clouddrive.com (matched) * issuer: C=US; O=Thawte, Inc.; OU=Domain Validated SSL; CN=Thawte DV SSL CA * SSL certificate verify ok. > HEAD / HTTP/1.1 > User-Agent: curl/7.21.7 (amd64-pc-win32) libcurl/7.21.7 OpenSSL/0.9.8r zlib/1.2.5 > Host: storage101.ord1.clouddrive.com > Accept: */* > < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Content-Type: text/html; charset=UTF-8 Content-Type: text/html; charset=UTF-8 < Content-Length: 0 Content-Length: 0 < X-Trans-Id: tx23b481a2d4254f44909d08e69c64f792 X-Trans-Id: tx23b481a2d4254f44909d08e69c64f792 < Date: Wed, 08 Feb 2012 02:14:42 GMT Date: Wed, 08 Feb 2012 02:14:42 GMT < * Connection #0 to host storage101.ord1.clouddrive.com left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): “using the same bundle with openssl, verify seems to return 1 for each element in the chain” C:\>openssl s_client -connect storage101.ord1.clouddrive.com:443 -CAfile cacert.bundle Loading 'screen' into random state - done CONNECTED(000001B0) depth=3 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=[hidden email] verify return:1 depth=2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA verify return:1 depth=1 /C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA verify return:1 depth=0 /O=storage101.ord1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.ord1.clouddrive.com verify return:1 --- Certificate chain 0 s:/O=storage101.ord1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.ord1.clouddrive.com i:/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA 1 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=[hidden email] 2 s:/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIEWDCCA0CgAwIBAgIQbcMvAKu2rcdE6yj+2KljTDANBgkqhkiG9w0BAQUFADBe MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMR0wGwYDVQQLExRE b21haW4gVmFsaWRhdGVkIFNTTDEZMBcGA1UEAxMQVGhhd3RlIERWIFNTTCBDQTAe Fw0xMjAyMDEwMDAwMDBaFw0xNDA0MDEyMzU5NTlaMIHOMScwJQYDVQQKFB5zdG9y YWdlMTAxLm9yZDEuY2xvdWRkcml2ZS5jb20xOzA5BgNVBAsTMkdvIHRvIGh0dHBz Oi8vd3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9yeS9pbmRleC5odG1sMSIwIAYDVQQL ExlUaGF3dGUgU1NMMTIzIGNlcnRpZmljYXRlMRkwFwYDVQQLExBEb21haW4gVmFs aWRhdGVkMScwJQYDVQQDFB5zdG9yYWdlMTAxLm9yZDEuY2xvdWRkcml2ZS5jb20w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvAZWkLtaBTGLhEX2fVsaP ke1tgzrUqqzshOykWF16rOztDTUL3hPEVE04cvJxFfve9INufmbkGJaAbAD/wMKB XwDATLkdNe9b500PU66L9kaERrhv8DGvNYvpTboFHIJOfJflZYwRROmzqTpxVC8o mt2m8t/6hI8z7RtescgiCSY/WAPPdnMREGxXPJdX+uCJYFaHyJDnY6u/n9FVLQBf j9FQpc0m5MqupEj8Il7zKEOYr7NjptRL1SLjO9rlsRY0gFGynsWpv3OyIs85/Cmm Wm0CbEL9xAFZqBpY/cvWqYda0xc9XCmtOWLFhiIw4jCyLDGFV3HtgwlFtdGiR/+9 AgMBAAGjgaAwgZ0wDAYDVR0TAQH/BAIwADA6BgNVHR8EMzAxMC+gLaArhilodHRw Oi8vc3ZyLWR2LWNybC50aGF3dGUuY29tL1RoYXd0ZURWLmNybDAdBgNVHSUEFjAU BggrBgEFBQcDAQYIKwYBBQUHAwIwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAB hhZodHRwOi8vb2NzcC50aGF3dGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQC5pkyX ppHOtUQg76frSPbvQJ06oc/D5/jmLEnu8wBf7/ZpDvHmoyCFGpN6UDEUEs3ZqB5v nv3c+TQYmUc0Sp8F+2AUEs4Nxj9gyf6cYiHzXXB3IzGlVwyFxiGy3yS2VmkTuY1o u7C2VIGhzLc4zTQep+3tds4hE0C2RpU8W1Sj9DPMfwPcU/V3EqHHiLgp6ytTzl+I JftjiLaIB7IsQVi2NJ+FHgtgzBt73sNiXjAKlrPCuz3mGatZ3dVKzy4a5O+NF4u2 VZrbztutxmjGHGi/BZWLZarZXefL7+Hm3WEVb8PQE4GxJxamRQr5VzrDULSm3pJv i048FF2LVbCqZ3/6 -----END CERTIFICATE----- subject=/O=storage101.ord1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.ord1.clouddrive.com issuer=/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA --- No client certificate CA names sent --- SSL handshake has read 3547 bytes and written 435 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 77134256A326CA171CB05D08BA6EEA6B3B953A7E733678222433421C4E359C58 Session-ID-ctx: Master-Key: EEEED07F92B706C930ECAD2D2747D2C7FA210D4B7D5FC76A689F1A5EDDCE1FA1E97CB68804A72C262A89C43118F75029 Key-Arg : None Start Time: 1328667045 Timeout : 300 (sec) Verify return code: 0 (ok) --- -Boris Sr. Software Engineer DeepCove Labs 4th floor, 595 Howe Street Vancouver, BC V6C 2T5 Canada _______________________________________________ vwnc mailing list [hidden email] http://lists.cs.uiuc.edu/mailman/listinfo/vwnc |
Re: [7.8] Erroneous IssuerMismatch?
|
|
It looks like proper ordering of the chain is recommended, but never enforced, so clients should always reorder before attempting to verify the chain for compatibility. In fact, some state that chains with unused certificates should also validate, which I doubt will be the case in the current strict implementation. Thoughts? validateCertificateChain: chain (self prepareForValidation: (chain sorted: [:a :b | a subjectDNInBytes = b issuerDNInBytes]) reversed) inject: nil into: [:subject :issuer | self verifyRevocationStatus: issuer; verifyValidityPeriod: issuer; verifyCriticalExtentions: issuer. subject ifNotNil: [self verifyCACertificate: issuer; verify: subject isIssuedBy: issuer]. issuer]. http://utcc.utoronto.ca/~cks/space/blog/tech/SSLChainOrder In practice the order doesn't seem to matter. As you might expect, common clients will accept and verify both out of order certificate chains and certificate chains with unnecessary and unused certificates. http://www.imc.org/ietf-pkix/old-archive-00/msg00668.html I dont think any order should be assumed. Your code should handle cert chains included in a registration response message a "bag of certs". Making assumptions as to the order of certs in structures designed to hold cert chains (i.e. a SEQ of certs, such as the caPubs structure) is probably a bad idea and will only cause interop problems down the line. http://httpd.apache.org/docs/2.0/mod/mod_ssl.html Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order. -Boris From: [hidden email] [mailto:[hidden email]] On Behalf Of Boris Popov, DeepCove Labs Ah, this looks like VisualWorks’ chain order expectation is quite specific, i.e. I can force it to validate if I reorder the chain in the logical issuer precedence, validateCertificateChain: aCertificateChain ^connection session validateCertificateChain: (Array with: aCertificateChain first with: aCertificateChain third with: aCertificateChain second) asOrderedCollection for: self. Question is, which party to blame, VisualWorks’ implementation or the presentation of the chain by the server? As mentioned in the below email, OpenSSL seems to verify the presented chain just fine, so I’m leaning towards needing a fix on the VisualWorks’ end to not expect the chain to be ordered by the server, validateCertificateChain: chain "… The chain is expected to be ordered in the ascending order of the subject issuer relationship, i.e. subject before its issuer …" -Boris From: Boris Popov, DeepCove Labs In clean visual.im with HTTPS loaded, "trust a list of CAs provided by Mozilla" pem := (HttpClient get: 'http://curl.haxx.se/ca/cacert.pem') contents. bundle := CertificateFileReader new readFrom: pem readStream. X509Registry trustedCertificates addAll: bundle. "this shouldn't break?" HttpClient get: 'https://storage101.ord1.clouddrive.com'. Unhandled exception: Certificate Chain Invalid ! Security.X509.Certificate>>issuerMismatch: Security.X509.Certificate>>verifyIssuedBy: “using the same CA bundle with curl, things seem to work” C:\>curl -Iv --cacert cacert.bundle https://storage101.ord1.clouddrive.com * About to connect() to storage101.ord1.clouddrive.com port 443 (#0) * Trying 173.203.3.30... connected * Connected to storage101.ord1.clouddrive.com (173.203.3.30) port 443 (#0) * successfully set certificate verify locations: * CAfile: cacert.bundle CApath: none * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: O=storage101.ord1.clouddrive.com; OU=Go to https://www.thawte.com/repository/index.html; OU=Thawte SSL123 certificate; OU=Domain Validated; CN=storage101.ord1.clouddrive.com * start date: 2012-02-01 00:00:00 GMT * expire date: 2014-04-01 23:59:59 GMT * common name: storage101.ord1.clouddrive.com (matched) * issuer: C=US; O=Thawte, Inc.; OU=Domain Validated SSL; CN=Thawte DV SSL CA * SSL certificate verify ok. > HEAD / HTTP/1.1 > User-Agent: curl/7.21.7 (amd64-pc-win32) libcurl/7.21.7 OpenSSL/0.9.8r zlib/1.2.5 > Host: storage101.ord1.clouddrive.com > Accept: */* > < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Content-Type: text/html; charset=UTF-8 Content-Type: text/html; charset=UTF-8 < Content-Length: 0 Content-Length: 0 < X-Trans-Id: tx23b481a2d4254f44909d08e69c64f792 X-Trans-Id: tx23b481a2d4254f44909d08e69c64f792 < Date: Wed, 08 Feb 2012 02:14:42 GMT Date: Wed, 08 Feb 2012 02:14:42 GMT < * Connection #0 to host storage101.ord1.clouddrive.com left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): “using the same bundle with openssl, verify seems to return 1 for each element in the chain” C:\>openssl s_client -connect storage101.ord1.clouddrive.com:443 -CAfile cacert.bundle Loading 'screen' into random state - done CONNECTED(000001B0) depth=3 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server [hidden email] verify return:1 depth=2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA verify return:1 depth=1 /C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA verify return:1 depth=0 /O=storage101.ord1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.ord1.clouddrive.com verify return:1 --- Certificate chain 0 s:/O=storage101.ord1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.ord1.clouddrive.com i:/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA 1 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server [hidden email] 2 s:/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIEWDCCA0CgAwIBAgIQbcMvAKu2rcdE6yj+2KljTDANBgkqhkiG9w0BAQUFADBe MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMR0wGwYDVQQLExRE b21haW4gVmFsaWRhdGVkIFNTTDEZMBcGA1UEAxMQVGhhd3RlIERWIFNTTCBDQTAe Fw0xMjAyMDEwMDAwMDBaFw0xNDA0MDEyMzU5NTlaMIHOMScwJQYDVQQKFB5zdG9y YWdlMTAxLm9yZDEuY2xvdWRkcml2ZS5jb20xOzA5BgNVBAsTMkdvIHRvIGh0dHBz Oi8vd3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9yeS9pbmRleC5odG1sMSIwIAYDVQQL ExlUaGF3dGUgU1NMMTIzIGNlcnRpZmljYXRlMRkwFwYDVQQLExBEb21haW4gVmFs aWRhdGVkMScwJQYDVQQDFB5zdG9yYWdlMTAxLm9yZDEuY2xvdWRkcml2ZS5jb20w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvAZWkLtaBTGLhEX2fVsaP ke1tgzrUqqzshOykWF16rOztDTUL3hPEVE04cvJxFfve9INufmbkGJaAbAD/wMKB XwDATLkdNe9b500PU66L9kaERrhv8DGvNYvpTboFHIJOfJflZYwRROmzqTpxVC8o mt2m8t/6hI8z7RtescgiCSY/WAPPdnMREGxXPJdX+uCJYFaHyJDnY6u/n9FVLQBf j9FQpc0m5MqupEj8Il7zKEOYr7NjptRL1SLjO9rlsRY0gFGynsWpv3OyIs85/Cmm Wm0CbEL9xAFZqBpY/cvWqYda0xc9XCmtOWLFhiIw4jCyLDGFV3HtgwlFtdGiR/+9 AgMBAAGjgaAwgZ0wDAYDVR0TAQH/BAIwADA6BgNVHR8EMzAxMC+gLaArhilodHRw Oi8vc3ZyLWR2LWNybC50aGF3dGUuY29tL1RoYXd0ZURWLmNybDAdBgNVHSUEFjAU BggrBgEFBQcDAQYIKwYBBQUHAwIwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAB hhZodHRwOi8vb2NzcC50aGF3dGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQC5pkyX ppHOtUQg76frSPbvQJ06oc/D5/jmLEnu8wBf7/ZpDvHmoyCFGpN6UDEUEs3ZqB5v nv3c+TQYmUc0Sp8F+2AUEs4Nxj9gyf6cYiHzXXB3IzGlVwyFxiGy3yS2VmkTuY1o u7C2VIGhzLc4zTQep+3tds4hE0C2RpU8W1Sj9DPMfwPcU/V3EqHHiLgp6ytTzl+I JftjiLaIB7IsQVi2NJ+FHgtgzBt73sNiXjAKlrPCuz3mGatZ3dVKzy4a5O+NF4u2 VZrbztutxmjGHGi/BZWLZarZXefL7+Hm3WEVb8PQE4GxJxamRQr5VzrDULSm3pJv i048FF2LVbCqZ3/6 -----END CERTIFICATE----- subject=/O=storage101.ord1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.ord1.clouddrive.com issuer=/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA --- No client certificate CA names sent --- SSL handshake has read 3547 bytes and written 435 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 77134256A326CA171CB05D08BA6EEA6B3B953A7E733678222433421C4E359C58 Session-ID-ctx: Master-Key: EEEED07F92B706C930ECAD2D2747D2C7FA210D4B7D5FC76A689F1A5EDDCE1FA1E97CB68804A72C262A89C43118F75029 Key-Arg : None Start Time: 1328667045 Timeout : 300 (sec) Verify return code: 0 (ok) --- -Boris Sr. Software Engineer DeepCove Labs 4th floor, 595 Howe Street Vancouver, BC V6C 2T5 Canada _______________________________________________ vwnc mailing list [hidden email] http://lists.cs.uiuc.edu/mailman/listinfo/vwnc |
Re: [7.8] Erroneous IssuerMismatch?
|
|
In reply to this post by Boris Popov, DeepCove Labs (SNN)
"Boris Popov, DeepCove Labs"<[hidden email]> wrote:
> It looks like proper ordering of the chain is recommended, but never > enforced, so clients should always reorder before attempting to verify > the chain for compatibility. In fact, some state that chains with unused > certificates should also validate, which I doubt will be the case in the > current strict implementation. Thoughts? Well, to be fair, in the specific context of SSL/TLS, the rules are spelled out quite clearly without any wiggle room, e.g. in TLS1.2: certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case. So one could argue that the server should make sure the chain is ordered properly, in fact that would make more sense, because the server can only do it once, whereas this way you're imposing the burden on the client every time the chain is presented. That said, in the purely X.509 context, which is where we're delegating the validation anyway, we are free to mold the API in any way we see fit and we could certainly loosen it up a bit (considering Postel's robustness princple and all :-) There are also other aspects of certificate path validation algorithm as laid out in RFC#5280 that we have yet to get to, so I was hoping to address these types of issues in one go then. This is not the first report of these types of issues, I guess we should get to it sooner, rather than later. I'll see what we can do. Martin _______________________________________________ vwnc mailing list [hidden email] http://lists.cs.uiuc.edu/mailman/listinfo/vwnc |
Re: [7.8] Erroneous IssuerMismatch?
|
|
Martin,
Good point, I didn't find the spec reference in my original quick search this morning. Having said that, as you point out, real world application seems to differ slightly and, hence, the validator should account for it. This is the second time we ran into this issue, once with our own load balancer where the chain was ordered differently and, now, with the Rackspace's cloud files' API end point, of which we have very little control, obviously. Thanks, -Boris -----Original Message----- From: [hidden email] [mailto:[hidden email]] Sent: Wednesday, February 08, 2012 10:09 AM To: Boris Popov, DeepCove Labs Cc: [hidden email] Subject: RE: [vwnc] [7.8] Erroneous IssuerMismatch? "Boris Popov, DeepCove Labs"<[hidden email]> wrote: > It looks like proper ordering of the chain is recommended, but never > enforced, so clients should always reorder before attempting to verify > the chain for compatibility. In fact, some state that chains with > unused certificates should also validate, which I doubt will be the > case in the current strict implementation. Thoughts? Well, to be fair, in the specific context of SSL/TLS, the rules are spelled out quite clearly without any wiggle room, e.g. in TLS1.2: certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case. So one could argue that the server should make sure the chain is ordered properly, in fact that would make more sense, because the server can only do it once, whereas this way you're imposing the burden on the client every time the chain is presented. That said, in the purely X.509 context, which is where we're delegating the validation anyway, we are free to mold the API in any way we see fit and we could certainly loosen it up a bit (considering Postel's robustness princple and all :-) There are also other aspects of certificate path validation algorithm as laid out in RFC#5280 that we have yet to get to, so I was hoping to address these types of issues in one go then. This is not the first report of these types of issues, I guess we should get to it sooner, rather than later. I'll see what we can do. Martin _______________________________________________ vwnc mailing list [hidden email] http://lists.cs.uiuc.edu/mailman/listinfo/vwnc |
| Free forum by Nabble | Edit this page |