Validate TLS certificates [$155 awarded] #156
Comments
Validate for what? I bet openssl already makes sure that there are no malformed certificates involved :-P |
The domain, date, the CA, etc? |
Yes, OpenSSL can do those things, but you need to make sure you've asked for it. |
What exactly do you mean by "those things"? I am pretty sure that, for example, OpenSSL cannot check if a given domain name matches the certificate's subject. |
What we need to check:
|
I believe this is an important issue. Here's a PDF with an abundance of information on the topic: http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf By default, OpenSSL does not throw a run-time exception if the certificate is self-signed or has an invalid chain of trust. Instead, it sets flags. Furthermore, OpenSSL does not provide any hostname verification. |
Some old code that I once wrote for something like this: https://github.com/psychon/znc/commits/openssl-experiments However, this is security-sensitive stuff and I have no clue about what exactly the rules for this kind of thing are. In other words: I feel really unsure about this and have no clue if it is correct. (Also, I didn't look at the branch in years...) |
Given that very few IRC servers have valid certificates, "trust on first use" in addition to the chain validation would be more useful... |
User should be presented an option to allow cert, if the cert is invalid. User should explicitly allow this particular invalid cert. "trust on first use" is bad if you want security |
Isn't that exactly what "trust on first use" usually means? |
Hm, if it means that, ok... For me it sounded like "if we connect to the server for the first time, trust it anyway". |
Just for reference, here is how HexChat implements it: https://github.com/hexchat/hexchat/blob/master/src/common/server.c#L624 Though I don't see that they would validate the CN, too… :-) grawity, DarthGandalf: Looking at how other programs handle invalid certificates, I'd say there could be two approaches:
In the meantime, https://www.stunnel.org/ can be used to establish a secure SSL connection from the bouncer to the IRC server (thanks to a friend of mine for recommending this to me). |
I added a bounty to this :) I'd love for ZNC to verify that:
|
How should it be handled with different fingerprints? |
Hmm, I'm not sure, a list of fingerprints sounds reasonable to me. |
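The two checks raised in this thread (validation that has to be asked for explicitly, and a user-approved list of fingerprints for servers without a CA-signed certificate), as an added example that is not part of the original discussion and not ZNC's code. It uses Python's `ssl` module, which wraps OpenSSL; the function names and the fallback order are assumptions made for illustration.

```python
# Added illustration: names and fallback policy are hypothetical, not ZNC's.
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding of the server's leaf certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def is_pinned(der_cert: bytes, pins) -> bool:
    """True if the certificate matches any fingerprint the user explicitly allowed."""
    actual = fingerprint(der_cert)
    # Accept 'AA:BB:..' or 'aabb..' spellings of the same fingerprint.
    wanted = [p.replace(":", "").replace(" ", "").lower() for p in pins]
    return any(hmac.compare_digest(actual, w) for w in wanted)


def strict_context() -> ssl.SSLContext:
    """Chain, validity dates and hostname are checked; the handshake fails otherwise."""
    return ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True


def pin_only_context() -> ssl.SSLContext:
    """No CA validation at all: only acceptable when is_pinned() is checked afterwards."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def connect(host: str, port: int, pins=()) -> ssl.SSLSocket:
    """Try full validation first; fall back to the pinned list; otherwise refuse."""
    try:
        raw = socket.create_connection((host, port), timeout=10)
        return strict_context().wrap_socket(raw, server_hostname=host)
    except ssl.SSLCertVerificationError:
        raw = socket.create_connection((host, port), timeout=10)
        tls = pin_only_context().wrap_socket(raw, server_hostname=host)
        if not is_pinned(tls.getpeercert(binary_form=True), pins):
            tls.close()
            raise  # re-raise the original verification error
        return tls
```

With an empty pin list, `connect()` behaves like a strictly validating client: a self-signed or mismatched certificate aborts the connection instead of being silently accepted.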
You could orientate yourself by the IRC-client Irssi. It provides the following options:
For ZNC a Not being able to verify the server's certificate is currently stopping me from using ZNC, so I would gladly see this feature in future versions. |
Yup, I hope to fix this by next release... |
How about Not sure what's better – should the user CAs override, or extend, the global CAs? Option would be nice, as both are useful. |