On 2009.10.12 at 14:49:23 +0200, Dr. Stephen Henson wrote:
> On Mon, Oct 12, 2009, Victor B. Wagner wrote:
>
> > BTW, it seems that most applications which actually use CRLs, such as
> > Apache, openvpn and stunnel, do implement lookup of certificate in the CRL
> > in its own code, not relying on X509_V_FLAG_CRL_CHECK in X509_STORE.
> >
>
> In some cases CRL lookup is done manually because the code originates from a
> time when OpenSSL didn't perform its own CRL lookup.
> Some of this mishandles CRLs and doesn't reject CRLs containing unhandled
> critical extensions. This raises security concerns: for example it would be
> possible to substitute CRLs of limited scope and fool such applications into
> thinking revoked certificates were valid.

Of course, application-level handling of such an important thing as CRL lookup
would raise security problems. Authors of a crypto library should know better
about such problems than authors of applications.

But there are serious problems with the X509_STORE object and default lookup
methods in OpenSSL just now. I think that we should fix these problems first,
and then urge authors of applications to use OpenSSL code rather than to
reinvent the wheel.

First of all, X509_STORE working is not documented at all. Authors of
applications just have no source of information on how to handle certificate
verification except the source code of the verify utility (which is not well
suited for server authors, because it is not intended to run for weeks
without restart).

Second, there is a problem with aggressive caching and an unused cache field,
which I've mentioned in a previous letter.

Third, there should be guidelines for implementors of custom lookup methods.
At least such as there exist for implementors of UI_METHODS, which are quite
verbose comments in the header file.

Fourth, I've spent hours studying the X509_STORE source code and cannot
realize how it would handle CA certificate rollover. I.e. is setting of
subjectKeyIdentifier and authorityKeyIdentifier sufficient to recognize the
difference between old and new CA certificate, or when I'm issuing a new CA
certificate do I have to make its DN unique?

If we want application writers to use OpenSSL code securely, we should
somehow provide them a clear understanding of which security threats we care
of, and how we handle them.

> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
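
The check that the quoted message says hand-rolled CRL lookups omit, as an added example that is not part of the original thread and is not OpenSSL code: a stdlib-only Python walk over a CRL's DER that lists critical extensions outside the set the caller processes. The HANDLED set, the function names and the unsigned sample CRLs are constructed assumptions.

```python
# Added example (not OpenSSL code): stdlib-only DER walk over constructed CRLs.
OIDS = {b"\x55\x1d\x14": "cRLNumber", b"\x55\x1d\x23": "authorityKeyIdentifier",
        b"\x55\x1d\x1c": "issuingDistributionPoint"}
HANDLED = {"cRLNumber", "authorityKeyIdentifier"}  # assumption: what this app processes

def tlv(tag, body=b""):
    # Minimal DER encoder for the constructed samples (short-form length only).
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read(buf, pos=0):
    # Decode one TLV at pos; returns (tag, value, next_pos).
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read(value, pos)
        yield tag, val

def unhandled_critical(crl_der):
    # CertificateList -> tbsCertList -> [0] crlExtensions -> Extension*
    tbs = read(read(crl_der)[1])[1]
    bad = []
    for tag, val in children(tbs):
        if tag == 0xA0:
            for _, ext in children(read(val)[1]):
                f = list(children(ext))  # OID, optional BOOLEAN critical, OCTET STRING
                name = OIDS.get(f[0][1], f[0][1].hex())
                critical = f[1][0] == 0x01 and f[1][1] != b"\x00"
                if critical and name not in HANDLED:
                    bad.append(name)
    return bad  # non-empty: the CRL must be rejected, not consulted

def sample_crl(*exts):  # constructed, unsigned test input
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + tlv(0x30) + tlv(0x17, b"091012000000Z")
              + tlv(0xA0, tlv(0x30, b"".join(exts))))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

CRL_NUMBER = tlv(0x30, tlv(0x06, b"\x55\x1d\x14") + tlv(0x04, tlv(0x02, b"\x01")))
SCOPED_IDP = tlv(0x30, tlv(0x06, b"\x55\x1d\x1c") + tlv(0x01, b"\xff")
                 + tlv(0x04, tlv(0x30, tlv(0x81, b"\xff"))))
```

A CRL carrying the critical issuingDistributionPoint extension is a scoped CRL; a lookup that ignores the extension and finds the serial absent would report the certificate as not revoked.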