Bugs item #3409348, was opened at 2011-09-14 06:29
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3409348&group_id=976
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: SSL/TLS
Group: bad behaviour
>Status: Pending
Resolution: None
Priority: 6
Private: No
Submitted By: Eelco Dolstra (edolstra)
Assigned to: Daniel Stenberg (bagder)
Summary: Some DigiNotar certificates still accepted
Initial Comment:
Using the September 2, 2011 version of the CA bundle at http://curl.haxx.se/docs/caextract.html, curl still accepts some websites that have been signed by the compromised DigiNotar. Even though the DigiNotar root CAs were removed from the bundle, de "Staat der Nederlanden Root CA" (Dutch government root CA) is still in the bundle, which was used to sign various DigiNotar CAs.
An example is https://www.aivd.nl/ (Dutch secret service), which as of September 14 still uses a DigiNotar CA. This website is rejected by Firefox 6.0.2 and Chrome, but curl with the CA bundle still accepts it. The certificate chain is "Staat der Nederlanden Root CA" -> "Staat der Nederlanden Overheid CA" -> "DigiNotar PKIoverheid CA Overheid en Bedrijven" -> "www.aivd.nl".
Probably the CA bundle should explicitly blacklist the DigiNotar CAs (like Firefox has done), rather than merely remove them. The "Staat der Nederlanden" CAs should not be removed because they have not been compromised themselves. (Example: https://belastingbalie.eindhoven.nl/ should continue to work.)
See also the discussion at https://bugzilla.mozilla.org/show_bug.cgi?id=683449 and https://bugzilla.mozilla.org/show_bug.cgi?id=683261.
Curl output:
$ curl -v https://www.aivd.nl/
* About to connect() to www.aivd.nl port 443 (#0)
* Trying 62.112.230.143... connected
* Connected to www.aivd.nl (62.112.230.143) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=NL; O=Algemene Inlichtingen- en Veiligheidsdienst (2000000056); OU=IM; serialNumber=PK070001002339140; CN=www.aivd.nl
* start date: 2010-03-05 13:37:22 GMT
* expire date: 2013-03-05 13:37:22 GMT
* common name: www.aivd.nl (matched)
* issuer: C=NL; O=DigiNotar B.V.; CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.21.0 (x86_64-unknown-linux-gnu) libcurl/7.21.0 OpenSSL/1.0.0d zlib/1.2.5 libssh2/1.2.6
> Host: www.aivd.nl
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 301 Moved Permanently
< Content-Type: text/html; charset=UTF-8
< Location: http://www.aivd.nl/
< Server: Microsoft-IIS/7.5
< X-Powered-By: ASP.NET
< Date: Wed, 14 Sep 2011 13:16:00 GMT
< Content-Length: 142
< Age: 13
< X-Cache: HIT from asd1cc002.asp4all.nl
< Via: 1.1 asd1cc002.asp4all.nl:443 (squid)
< Connection: close
<
<head><title>Document Moved</title></head>
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
<body><h1>Object Moved</h1>This document may be found here</body>
$ curl --version
curl 7.21.0 (x86_64-unknown-linux-gnu) libcurl/7.21.0 OpenSSL/1.0.0d zlib/1.2.5 libssh2/1.2.6
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: IPv6 Largefile NTLM SSL libz
$ head -n 5 /etc/ssl/certs/ca-bundle.crt
##
## ca-bundle.crt -- Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Fri Sep 2 23:34:57 2011
##
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2011-12-14 02:38
Message:
Since nobody seems to be working on a patch for this, I intend to add a
note about this issue in the KNOWN_BUGS document and soon close this bug
report with resolution "later".
----------------------------------------------------------------------
Comment By: https://www.google.com/accounts ()
Date: 2011-11-30 16:11
Message:
Is there a patch for this I could use?
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2011-11-23 06:54
Message:
Sorry, I should clarify: that's how far we can go with the cacert bundle.
This bug report says we should blacklist and check for specific
certificates in the SSL code. I guess that is a good idea, and I wouldn't
object if someone provides a patch to us that works along these lines.
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2011-11-23 06:51
Message:
The script that extracts CA certs to trust from Mozilla previously didn't
properly exclude certs that were present but especially marked as
UN-trusted. It does now.
Thus, the exported cacert bundle should not contain any cert that Mozilla
doesn't trust.
AFAIK, that's as far as we can go.
----------------------------------------------------------------------
Comment By: Eelco Dolstra (edolstra)
Date: 2011-11-23 02:53
Message:
If a PEM certificate cannot actually blacklist a CA, then how can the
updated export script support this?
In any case, unfortunately, it's hard to test now because (as far as I
know) all Dutch government sites that were using a DigiNotar certificate
(like https://www.aivd.nl) have migrated to new certificates.
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2011-11-22 14:06
Message:
The export script has been updated and should work much better now. Do you
still see any problems?
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2011-09-14 13:20
Message:
AFAIK, a PEM cert cannot block any certs, it is only a list of valid CA
certs. Thus I don't believe we can blacklist things with it.
I'm certainly not an expert on this, but doesn't this imply that some of
the certs our script converts to PEM still shouldn't be converted? Would we
need to use the blacklist Firefox has or is there some other magic we
should use?
The bug here is in the mk-ca-bundle.pl script:
https://github.com/bagder/curl/blob/master/lib/mk-ca-bundle.pl
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3409348&group_id=976
Received on 2012-03-16