#468 closed defect (worksforme)
X509_NAME_oneline and strings
Reported by: | Jeffrey Walton | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | |
Keywords: | openssl certifcate validation | Cc: | |
uname -a: |
$ uname -a
Darwin riemann.home.pvt 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64 |
||
nginx -V: |
$ objs/nginx -V
nginx version: nginx/1.4.4 TLS SNI support enabled configure arguments: --with-http_ssl_module |
Description
X509_NAME_oneline does not handle embedded NULLs properly (among other issues). From the OpenSSL docs (https://www.openssl.org/docs/crypto/X509_NAME_print_ex.html): "The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications."
The attacks have been used in practice. "More Tricks For Defeating SSL In Practice", https://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf.
Note:
See TracTickets
for help on using tickets.
Interesting, but looks unrelated. And, BTW, X509_NAME_oneline() handles NULLs, it's just a question how do you define "properly".