| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the old verifier, the verify callback can always return 1 instructing
the verifier to simply continue regardless of a certificate verification
failure (e.g. the certificate is expired or revoked). This would result
in a chain being built, however the first error encountered would be
persisted, which allows the caller to build the chain, have the
verification process succeed, yet upon inspecting the error code note
that the chain is not valid for some reason.
Mimic this behaviour by keeping track of certificate errors while building
chains - when we finish verification, find the certificate error closest
to the leaf certificate and expose that via the X509_STORE_CTX. There are
various corner cases that we also have to handle, like the fact that we
keep an certificate error until we find the issuer, at which point we have
to clear it.
Issue reported by Ilya Shipitcin due to failing haproxy regression tests.
With much discussion and input from beck@ and tb@!
ok beck@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
If we fail to find a parent certificate from either the supplied roots or
intermediates and we have a X509_STORE_CTX, call its get_issuer() callback
to see if it can supply a suitable certificate. This makes things like
certificates by directory (aka by_dir) work correctly.
Issue noted by Uwe Werler <uwe@werler.is>
ok beck@ tb@
|
| |
|
|
| |
Suggested by and discussed with beck
|
| |
|
|
|
|
|
| |
context. This is what is returned in SSL_get_verify_result().
Spotted and initial diff from jeremy; discussed with jsing
ok beck
|
| |
|
|
|
|
| |
ctx->xsc->error. Will be needed in an upcoming diff.
from beck
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the leaf certificate was only being set up on the X509_STORE_CTX
after two verification steps were performed, however at least one of those
steps could result in the verification callback being triggered and
existing code breaking.
Issue noticed by Raf Czlonka when attempting to connect to talk.google.com
using profanity (which does not set SNI and ends up receiving an invalid
certificate).
ok beck@ deraadt@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Various software expects the previous behaviour where the certificate chain
is available on the X509_STORE_CTX when the verify callback is triggered.
Issue hit by bket@ with lastpass-cli which has built in certificate
pinning that is checked via the verify callback.
Fix confirmed by bket@.
ok beck@
|
| |
|
|
| |
No change in the generated assembly on amd64.
|
| |
|
|
| |
Requested by jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
The outer scope in x509_constraints_extract_names() contains a vname
variable which will be freed on error, but an inner scope contains
another vname that won't be freed, e.g., if x509_constraints_names_add
fails.
Found by llvm scan-build.
ok beck
|
| | |
|
| |
|
|
|
|
|
|
| |
regress to catch it in the future.
found by Guido Vranken's cryptofuzzer
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If the default path of the switch is taken, vname will not be added
to the names list and will leak when it is set to NULL. Simplify the
logic by eliminating the add Boolean. Instead, free and zero vname in
the default case and continue the while loop directly. At the bottom
of the switch, add vname to the names list unconditionally zero it out
since it's now owned by names.
Found by Guido Vranken's cryptofuzzer
ok beck
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
ASN1_STRING - the gift that keeps on giving.
Found by Guido Vranken's cryptofuzzer.
ok tb@
|
| |
|
|
| |
symbol is exposed api and we probably need to deprecate it thoughtfully.
|
| |
|
|
|
|
|
|
|
|
|
| |
On OSX and Windows platform portable build fails since it can't find
NAME_CONSTRAINTS_check.
It is still remain in x509v3.h and Symbols.list but '#if 0'ed from
x509_ncons.c.
In this situation, some platforms appears to get error.
Add noop NAME_CONSTRAINTS_check stub to solve this issue.
ok beck@
|
| |
|
|
| |
ok beck@
|
| |
|
|
|
|
|
| |
Rather than duplicating code, have x509_verify_ctx_new_from_xsc() call
x509_verify_ctx_new(), then handle the xsc specific parts.
ok beck@
|
| |
|
|
|
|
| |
happy
ok tb@
|
| |
|
|
|
|
| |
verification code.
ok jsing@
|
| |
|
|
|
|
| |
of staying with the new name constraint code this will be deleted
ok jsing@
|
| |
|
|
|
|
|
|
| |
to X509_V_ERR_OUT_OF_MEM instead of UNSPECIFIED in chain_append when
allocation fails.
noticed by ingo@
ok tb@
|
| | |
|
| |
|
|
|
|
|
| |
the extension list.
found by llvm static analyzer
ok tb@
|
| |
|
|
|
| |
Yak for my shaving pleasure found by llvm static analyzer
ok tb@
|
| |
|
|
|
| |
found by llvm static analyzer.
ok tb@
|
| |
|
|
|
| |
noticed by llvm static analyzer
ok tb@
|
| |
|
|
|
| |
noticed by llvm static analyzer
ok tb@
|
| |
|
|
|
|
|
| |
eat a NULL.
found by clang static analyzer
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
the roots for a ctx are only freed in the free function, not in the
clear function, so that a ctx can be re-used with the same roots.
ok tb@
|
| |
|
|
| |
so we don't need to pop free the roots separately
|
| | |
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new validator finds multiple validated chains to handle the modern
PKI cases which may frequently have multiple paths via different
intermediates to different roots. It is loosely based on golang's x509
validator
This includes integration so that the new validator can be used via
X509_verify_cert() as well as a new api x509_verify() which will
return multiple chains (similar to go).
The new validator is not enabled by default with this commit, this
will be changed in a follow on commit.
The new public API is not yet exposed, and will be finalized and
exposed with a man page and a library minor bump later.
ok tb@ inoguchi@ jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
| |
regression tests. The use of the new name constraints is not yet activated
in x509_vfy.c and will be activated in a follow on commit
ok jsing@
|
| |
|
|
| |
ok tb@ jsing@
|
| |
|
|
|
|
|
|
|
| |
A number of years ago we dropped the concept of having function names in
errors, since it is not that useful and very quickly gets out of sync when
refactoring. It would seem that some new ones got imported and some missed
the last clean up.
ok tb@ beck@ "kill it with fire"
|
| | |
|
| |
|
|
|
|
|
| |
This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.
Discussed with tb@ (who also tested the release build)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, when building a certificate chain we look up an issuer and if
it is the only issuer certificate available we still use it even if it has
expired. When X509_V_FLAG_TRUSTED_FIRST is not in use, untrusted
certificates are processed first and if one of these happens to be expired
it will be used to build the chain, even if there is another non-expired
option in the trusted store.
Rework this code so that we first look for a non-expired untrusted
certificate. If one does not exist then we take a look in the trusted
store to see if we would be able to build the chain and only if there is
not, do we then look for an expired untrusted certificate.
This makes certificate validation possible for various sites that are
serving expired AddTrust certificates.
Issue reported by Christian Heimes via GitHub.
ok beck@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function
takes signs into account while ASN1_STRING_cmp doesn't. The mixups
mostly involve serialNumbers, which, in principle, should be positive.
However, it is unclear whether that is checked or enforced anywhere
in the code, so these are probably bugs.
Patch from Holger Mikolon
ok jsing
|
| |
|
|
| |
From Holger Mikolon
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
|
| |
we can add const to PKCS8_pkey_get0(). In order for this to work,
we need to sprinkle a few consts here and there.
tested in a bulk by sthen
ok jsing
|
