Hi,

in OpenSSL 1.1 you added a new function X509_check_host, see also RT#2909. In the current implementation it is incomplete and also wrong. The current reference for hostname checking should be RFC 6125, which describes the recommended general behavior and also the behavior for different protocols.

- wrong: according to RFC 6125 section 7.2 only the leftmost label should be checked for wildcards, but you also support something like www.*.example.com (there is even a test for it).
- wrong: you match wildcards within IDNA labels (there is also a test for it), which is not allowed. While according to http://rt.openssl.org/Ticket/Display.html?id=2909#txn-35213 the IDNA handling could not be found in any standard, RFC 6125 section 7.2 is actually quite clear about it.
- insufficient: you have a flag X509_CHECK_FLAG_NO_WILDCARDS to disable wildcard checking and a flag X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT to check the CN even if subject alternative names are present. That's not sufficient to describe the hostname checking which needs to be done for the various protocols:
  - http, xmpp, ftp (RFC2818, RFC3920, RFC4217, RFC6125):
    - X509_CHECK_FLAG_NO_WILDCARDS should be false
    - in theory X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT should be false too, but its behavior does not match what's required by the RFC: the current implementation does check the CN if there are no subject alternative names, but it should check the CN if there are no DNS subject alternative names. So if the SAN section contains only IP addresses it should check the CN too.
  - ldap (RFC4513):
    - ldap only allows in subject alternative names something like *.foo.com, but not x*.foo.com like it is allowed with http and done with the current wildcard check
    - it also should check the CN always, but does not allow wildcards in the CN
  - smtp, imap, pop3, nntp ... (RFC2595, RFC4642, RFC5539...):
    - these protocols don't allow x*.foo.com either, e.g. only *.foo.com
    - CN should be checked always and it allows wildcards too (*.foo.com, not x*.foo.com)

In the IO::Socket::SSL Perl module I've implemented the following ways to describe the behavior:

- How wildcards can be matched inside subject alternative names:
  wildcards_in_alt: 0|leftmost|anywhere
    0: no checking
    leftmost: *.foo.com but not x*.foo.com
    anywhere: x*.foo.com too
- If the CN should be checked at all:
  check_cn: 0|when_only|always
    0: never check CN
    when_only: only check if no DNS names in subject alternative names
    always: always check CN too
- How wildcards can be matched inside the CN:
  wildcards_in_cn: 0|leftmost|anywhere
- probably useful: while no RFC currently forbids something like *.com you have a check to disallow wildcards in the two rightmost suffixes. I think it makes sense to have that, although it is not sufficient (e.g. *.co.uk should also not be allowed). But doing this 100% correct will be tricky, because there is currently no definition of correct behavior in this area: while Chrome disallows *.co.uk, Firefox allows it.

Regards,
Steffen

--
genua Gesellschaft fuer Netzwerk- und Unix-Administration mbH
Domagkstrasse 7, 85551 Kirchheim bei Muenchen
tel +49 89 991950-0, fax -999, www.genua.de
Managing directors: Dr. Magnus Harlander, Dr. Michaela Harlander, Bernhard Schneck.
Munich District Court HRB 98238

OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
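The three policy knobs described in the post (wildcards_in_alt, check_cn, wildcards_in_cn), as an added Python example that is neither IO::Socket::SSL's nor OpenSSL's code. It applies the RFC 6125 section 7.2 rules the post cites (wildcard only in the leftmost label, never inside an IDNA label) plus the "two rightmost labels" restriction, and the per-protocol profile table is an assumption built from the post's own summary; the CN wildcard mode for http is likewise assumed.

```python
import ipaddress

def match_name(hostname, pattern, wildcards):
    """Match hostname against one certificate name (SAN dNSName or CN).
    wildcards is 0, 'leftmost' (*.foo.com only) or 'anywhere' (x*.foo.com too).
    Following RFC 6125 7.2 a wildcard is honoured only in the leftmost label,
    never inside an IDNA (xn--) label, and never when fewer than two labels
    follow it (so *.com is rejected, as the post's "two rightmost" check does)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return host == pat                      # plain name: exact match only
    if not wildcards or len(host) != len(pat):
        return False
    first, rest = pat[0], pat[1:]
    if "*" in "".join(rest) or first.startswith("xn--") or len(rest) < 2:
        return False                            # www.*.example.com, xn--*, *.com
    if wildcards == "leftmost":
        return first == "*" and host[1:] == rest
    # "anywhere": a single '*' may sit inside the leftmost label, e.g. x*.foo.com
    if first.count("*") != 1 or host[1:] != rest:
        return False
    prefix, suffix = first.split("*")
    h = host[0]
    return (len(h) >= len(prefix) + len(suffix)
            and h.startswith(prefix) and h.endswith(suffix))

def check_host(hostname, san_dns, san_ip, cn, wildcards_in_alt, check_cn, wildcards_in_cn):
    """True if the certificate identifiers cover hostname under the given policy.
    check_cn: 0, 'when_only' (CN only if no DNS SANs; IP-only SANs still check CN), 'always'."""
    try:
        addr = ipaddress.ip_address(hostname)
    except ValueError:
        addr = None
    if addr is not None:                        # IP literals match iPAddress SANs only
        return any(ipaddress.ip_address(ip) == addr for ip in san_ip)
    if any(match_name(hostname, d, wildcards_in_alt) for d in san_dns):
        return True
    if check_cn == "always" or (check_cn == "when_only" and not san_dns):
        return bool(cn) and match_name(hostname, cn, wildcards_in_cn)
    return False

# Per-protocol policies as the post summarises them (assumed values, not
# IO::Socket::SSL's own table; the http CN wildcard mode is an assumption).
PROFILES = {
    "http": dict(wildcards_in_alt="anywhere", check_cn="when_only", wildcards_in_cn="anywhere"),
    "ldap": dict(wildcards_in_alt="leftmost", check_cn="always", wildcards_in_cn=0),
    "smtp": dict(wildcards_in_alt="leftmost", check_cn="always", wildcards_in_cn="leftmost"),
}
```

Call it as check_host("www.foo.com", ["*.foo.com"], [], None, **PROFILES["ldap"]); the profile decides whether x*.foo.com, a wildcard CN, or a CN beside IP-only SANs is accepted.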