New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: root_cgo_darwin and root_nocgo_darwin omit some system certs [1.10 backport] #26039

Open
gopherbot opened this Issue Jun 25, 2018 · 2 comments

Comments

Projects
None yet
5 participants
@gopherbot

gopherbot commented Jun 25, 2018

@FiloSottile requested issue #24652 to be considered for backport to the next 1.10 minor release.

There are multiple issues with our macOS root discovery.

The cgo path is unaware of defaults, documented at https://developer.apple.com/documentation/security/1400261-sectrustsettingscopytrustsetting, so it will omit the following certificate.

Cert 1: mkcert development CA
   Number of trust settings : 0

CL 104735 is an incomplete fix, because if trustSettings are present but don't have a kSecTrustSettingsResult value, it defaults to trustRoot. So it will omit the following certificate.

Cert 1: mkcert development CA
   Number of trust settings : 1
   Trust Setting 0:
      Policy OID            : SSL

The nocgo path, on the other hand, asks security verify-cert to use the default verification policy, basic, so it will omit the following certificate.

Cert 1: mkcert development CA
   Number of trust settings : 1
   Trust Setting 0:
      Policy OID            : SSL
      Result Type           : kSecTrustSettingsResultTrustRoot

Finally, the cgo path is checking if any policy (ssl or any other explicitly set) has a kSecTrustSettingsResult value (ignoring the defaults, see above), with the last one in the array winning, omitting the following certificate (!!).

Cert 1: mkcert development CA
   Number of trust settings : 2
   Trust Setting 0:
      Policy OID            : SSL
      Result Type           : kSecTrustSettingsResultTrustRoot
   Trust Setting 1:
      Policy OID            : Code Signing
      Result Type           : kSecTrustSettingsResultDeny

And I didn't even get into allowed errors.

It's fairly late in the freeze, but I'm inclined to fix these, and maybe even backport them, because ignoring the policy types can lead to inclusion of roots that are not supposed to be trusted for TLS, and although crypto/x509 is not TLS-specific, it is meant to serve the WebPKI. @agl agree?

@gopherbot please open the backport tracking issues.

@katiehockman

This comment has been minimized.

Contributor

katiehockman commented Oct 30, 2018

Approved since this is a security patch. Please follow the instructions at https://github.com/golang/go/wiki/MinorReleases to create the cherrypick CL.

I will defer to @FiloSottile as to which CLs should be backported.

@dmitshur

This comment has been minimized.

Member

dmitshur commented Nov 2, 2018

Moving to Go 1.10.6 milestone as this isn't ready for 1.10.5.

@dmitshur dmitshur modified the milestones: Go1.10.5, Go1.10.6 Nov 2, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment