x/crypto/ocsp: OCSP responses signed by invalid OCSP responder certificate should return signature verification error #43522
Comments
/cc @FiloSottile
Another serious bug in OCSP response verification algo: ParseResponse from ocsp package does not check if embedded OCSP responder certificate is valid for signing OCSP responses; according to https://tools.ietf.org/html/rfc6960#section-4.2.2.2 such cert must include id-kp-OCSPSigning in an extended key usage (not required only if response is signed by CA cert directly). Just checked that OCSP package in go1.15.2 linux/amd64 accepts OCSP response signed using simple personal certificate (no OCSPSigning EKU in this cert) signed by same CA. OpenSSL in such scenario returns error like
Please do full embedded responder cert verification (i.e. expiration like above, EKU), not just signatures.
The following dirty workaround outside of ParseResponse works for us:
Please verify and consider fixing inside ParseResponse routine.
As far as I can tell, this is a duplicate of #40017. It is unfortunate the
Until OCSP Verify is implemented consider commenting ParseResponse to warn people that it is not doing full OCSP response verification, just some elements of it.
In case of OCSP response signed with embedded OCSP responder cert (not by CA cert directly) ParseResponse from ocsp package does not check if embedded OCSP responder certificate is expired.
It seems...
https://pkg.go.dev/golang.org/x/crypto/ocsp#ParseResponse
https://github.com/golang/crypto/blob/master/ocsp/ocsp.go#L550
...only signatures are checked. This allows one to use old, expired OCSP responder certificate and its key to sign OCSP response and Go application using ocsp.ParseResponse package will accept this response but should not (checked in go1.15.2 linux/amd64 but master sources seem to contain the same problem).
OpenSSL in such scenario throws
Response Verify Failure
error: Please see OpenSSL's OCSP response verification algo described on...
https://www.openssl.org/docs/man1.1.1/man1/ocsp.html#OCSP-Response-verification
...and do full responder cert verification, not just signatures.
Regards,
Paweł
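The checks the report above and the "dirty workaround" comment ask for (responder certificate signed by the issuing CA, not expired, and carrying the id-kp-OCSPSigning EKU from RFC 6960 section 4.2.2.2) can be done outside ParseResponse with only the standard library. The following is an added example written for this page, not code from the issue, from x/crypto or from OpenSSL. It assumes the caller has already obtained the embedded responder certificate (x/crypto/ocsp exposes it as the Certificate field of the parsed Response) and the CA certificate that issued the subject certificate; everything else, including the throwaway CA and the three responder certificates, is constructed in the code to reproduce the thread's cases: a proper delegated responder, an expired responder certificate, and a "personal" certificate from the same CA without the OCSP signing EKU.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// verifyDelegatedResponder applies the RFC 6960 section 4.2.2.2 checks that ocsp.ParseResponse
// skips for an embedded responder cert: signed by the issuing CA, valid at time now, id-kp-OCSPSigning EKU.
func verifyDelegatedResponder(responder, issuer *x509.Certificate, now time.Time) error {
	if responder == nil || issuer == nil {
		return errors.New("missing responder or issuer certificate")
	}
	if err := responder.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("responder certificate not signed by issuer: %w", err)
	}
	if now.Before(responder.NotBefore) || now.After(responder.NotAfter) {
		return fmt.Errorf("responder certificate not valid at %s", now.UTC().Format(time.RFC3339))
	}
	for _, eku := range responder.ExtKeyUsage {
		if eku == x509.ExtKeyUsageOCSPSigning {
			return nil
		}
	}
	return errors.New("responder certificate lacks id-kp-OCSPSigning extended key usage")
}

// mintCert signs template with parent/parentKey (self-signed when parent is nil); throwaway test PKI only.
func mintCert(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// leafTemplate describes an end-entity certificate with the given validity window and EKUs.
func leafTemplate(serial int64, notBefore, notAfter time.Time, ekus ...x509.ExtKeyUsage) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "responder"},
		NotBefore: notBefore, NotAfter: notAfter,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: ekus,
	}
}

// runScenarios builds a constructed CA and three responder certificates matching the thread's
// cases and returns each verification result keyed by name; only "valid" should yield nil.
func runScenarios(now time.Time) (map[string]error, error) {
	ca, caKey, err := mintCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Test CA"},
		NotBefore: now.Add(-24 * time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return nil, err
	}
	h, ocspEKU, clientEKU := time.Hour, x509.ExtKeyUsageOCSPSigning, x509.ExtKeyUsageClientAuth
	cases := []struct {
		name string
		tmpl *x509.Certificate
	}{
		{"valid", leafTemplate(2, now.Add(-h), now.Add(h), ocspEKU)},         // proper delegated responder
		{"expired", leafTemplate(3, now.Add(-48*h), now.Add(-h), ocspEKU)},   // old responder cert and key
		{"no-ocsp-eku", leafTemplate(4, now.Add(-h), now.Add(h), clientEKU)}, // personal cert from same CA
	}
	results := make(map[string]error, len(cases))
	for _, c := range cases {
		cert, _, err := mintCert(c.tmpl, ca, caKey)
		if err != nil {
			return nil, err
		}
		results[c.name] = verifyDelegatedResponder(cert, ca, now)
	}
	return results, nil
}

func main() {
	results, err := runScenarios(time.Now())
	if err != nil {
		panic(err)
	}
	for name, res := range results {
		fmt.Printf("%-12s -> %v\n", name, res)
	}
}
```

In a real relying party the call is verifyDelegatedResponder(resp.Certificate, issuer, time.Now()) after ParseResponse returns, and only when resp.Certificate is non-nil (with no embedded certificate the response is signed by the CA itself, which ParseResponse already checks against the issuer you pass it). Checking against the CA that issued the subject certificate, rather than against any trusted root, is what prevents an unrelated certificate from being accepted as a responder.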