Artifact [81f78d1dfa]

Artifact 81f78d1dfa00986768221f64088ab34d144dcc23116794ab334b6cd588c816fe:

Ticket change [81f78d1dfa] - New ticket [3c42b2ba11] "Tcl tls does not allow checking certificate subject name against hostname" by anonymous on 2018-06-08 13:55:33.
D 2018-06-08T13:55:33.921
J foundin 1.6
J icomment Copying this ticket over from Sourceforge for visibility, as it's fairly important.

Original creation date: 2014-07-17

Tcl tls doesn't provide any mechanism for checking that the subject of the peer's certificate matches the hostname to which the connection has been made.

For example, suppose bogus_site.org returns a certificate with a subject field containing 'CN=some_other_site.org'.

As of tls 1.6, even if I specify certificate validation with "-require 1", tls::socket won't complain about the server hostname not matching the server certificate's subject name - e.g.

    set sock [tls::socket -require 1 bogus_site.org 443]
    tls::handshake $sock

would return 1 (handshake OK) even if the certificate presented by bogus_site.org has a subject name for a totally different domain.

Now, I acknowledge that:

* folks often use tls::import instead of tls::socket so tls won't necessarily have access to the peer hostname; and
* making the above example reject the connection might cause backwards compatibility problems;

But doesn't it feel like the tls package should offer something to help application developers check the certificate subject? Otherwise it's giving a false sense of security - yes, my connection is encrypted, and yes, the server has a certificate - but there's no assurance that I'm not talking to an impostor!

As a workaround, an application could (and probably should!) call the tls::status command after the handshake to retrieve the subject DN, parse it for CN entries, then perform their own validation. The application could also do this using its own custom verify callback (set-up with the -command option to tls::socket/tls::import).

However, there are two problems with this workaround:

1) tls::status does not return the "X509v3 Subject Alternative Name" information from the certificate (http://tools.ietf.org/html/rfc3280#section-4.2.1.7) - nowadays certificates often put the subject identity information there instead of the Subject DN (particularly with multi-domain certificates used by cloud providers).

2) This academic paper - http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf - calls "Validating SSL Certificates in Non-Browser Software" the "Most Dangerous Code in the World" since applications get it wrong so often. I'm not sure I'd go quite that far, but relying on application code to perform these checks seems unwise - parsing DN strings robustly is quite fiddly, and I'm not sure many developers would even think about the need to check the subject against the hostname - they'd expect tls/OpenSSL to do that for them.

So I suggest that to fix this problem, tls should be modified to:

(A) Expose the "X509v3 Subject Alternative Name" extension information (if present in the certificate) via a new entry "subjectAltName" in the tls::status command to allow client applications to perform their own validation. This information should also appear in the cert argument to the verify callback.

(B) Provide a mechanism for checking the peer certificate subject (including any Subject Alternative Names) against a caller-provided hostname.

I'm afraid I don't have a patch to do either of those things!

I guess the usage for (B) might be a new option to tls::import / tls::socket along the lines of:

-match_subject_hostname <hostname>
  If specified, then - following certificate validation - the
  given hostname will be matched against the DNS names found in
  the subjectAltName extension of the peer certificate, or if no
  subjectAltName extension is present, against the commonName(s)
  found in the subject field of the certificate.
  If no match is found, the certificate will be rejected.
  Note that if this option is specified then -require must also be
  set to true.
  Default is "" (no hostname matching).

The official subject identity matching rules are fairly complex - see http://tools.ietf.org/html/rfc6125 - but providing support for the most common case of testing a domain name against the domain names in subjectAltName (or the CN in the subject field) should hopefully cover 99% of uses - with the other 1% satisfied by the option to do custom matching via the new subjectAltName info returned from tls::status.
J login anonymous
J mimetype text/x-fossil-plain
J private_contact 42598c7d8c0a3059651f544c8985a7e60e63c4f2
J severity Important
J status Open
J title Tcl tls does not allow checking certificate subject name against hostname
J type Code Defect
K 3c42b2ba117be6380bc167196e1d0c37cdec1112
U anonymous
Z f71778c740644ebe64cc3794718aa308
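
The hostname check that the ticket above proposes for -match_subject_hostname, written out as an added Tcl example; it is not code from the ticket or from the tls package. The proc names are hypothetical, the SAN DNS names are assumed to be supplied by the caller as a list (the ticket notes that tls::status does not return them), and the subject DN is assumed to be comma-separated.

```tcl
# Added example (hypothetical procs, not tls commands).
# Return the CN values of a comma-separated DN, splitting only on unescaped commas.
proc cn_values {dn} {
    set rdns {}; set cur ""; set esc 0
    foreach ch [split $dn ""] {
        if {$esc} { append cur $ch; set esc 0; continue }
        if {$ch eq "\\"} { set esc 1; continue }
        if {$ch eq ","} { lappend rdns $cur; set cur "" } else { append cur $ch }
    }
    lappend rdns $cur
    set cns {}
    foreach rdn $rdns {
        # Only an attribute that starts the RDN counts; "CN=" inside another value does not.
        if {[regexp -nocase {^\s*CN\s*=(.*)$} $rdn -> value]} {
            lappend cns [string trim $value]
        }
    }
    return $cns
}

# Case-insensitive, label-by-label comparison. "*" is honoured only as the whole
# leftmost label of a name with at least three labels (a simplification of RFC 6125).
proc name_matches {pattern host} {
    set p [split [string tolower [string trimright $pattern .]] .]
    set h [split [string tolower [string trimright $host .]] .]
    if {[llength $p] != [llength $h]} { return 0 }
    if {[lindex $p 0] eq "*" && [llength $p] > 2} {
        set p [lrange $p 1 end]; set h [lrange $h 1 end]
    }
    return [expr {[join $p .] eq [join $h .]}]
}

# The ticket's rule: subjectAltName DNS names if present, otherwise the subject CN(s).
proc cert_matches_hostname {host sanDnsNames subjectDN} {
    if {[string trim $host .] eq ""} { return 0 }
    if {[llength $sanDnsNames] > 0} {
        set names $sanDnsNames
    } else {
        set names [cn_values $subjectDN]
    }
    foreach name $names {
        if {[name_matches $name $host]} { return 1 }
    }
    return 0
}

# Constructed inputs: the ticket's mismatched CN, a multi-domain SAN list, an escaped comma in O=.
puts [cert_matches_hostname bogus_site.org {} "CN=some_other_site.org,O=Example"]
puts [cert_matches_hostname www.example.org {example.org *.example.org} "CN=unused.example"]
puts [cert_matches_hostname evil.example {} {O=x\,CN=evil.example,CN=good.example}]
```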