Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#468 closed defect (worksforme)

X509_NAME_oneline and strings

Reported by: Jeffrey Walton Owned by:
Priority: minor Milestone:
Component: nginx-core Version:
Keywords: openssl certifcate validation Cc:
uname -a: $ uname -a
Darwin riemann.home.pvt 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64
nginx -V: $ objs/nginx -V
nginx version: nginx/1.4.4
TLS SNI support enabled
configure arguments: --with-http_ssl_module

Description

X509_NAME_oneline does not handle embedded NULLs properly (among other issues). From the OpenSSL docs (https://www.openssl.org/docs/crypto/X509_NAME_print_ex.html): "The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications."

The attacks have been used in practice. "More Tricks For Defeating SSL In Practice", https://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf.

Change History (2)

comment:1 by Maxim Dounin, 11 years ago

Resolution: worksforme
Status: newclosed

Interesting, but looks unrelated. And, BTW, X509_NAME_oneline() handles NULLs, it's just a question how do you define "properly".

comment:2 by Jeffrey Walton, 11 years ago

... it's just a question how do you define "properly".

:)

Note: See TracTickets for help on using tickets.