Feature #2693

[PATCH] support SSL_CLIENT_VERIFY & SSL_CLIENT_S_DN

Added by mackyle over 1 year ago. Updated 3 months ago.

Status: Fixed
Priority: Low
Assignee: -
Category: TLS
Target version:
Start date: 2015-12-03
Due date:
% Done: 100%
Estimated time:
Missing in 1.5.x:

Description

SSL_CLIENT_VERIFY is set to "NONE", "SUCCESS" or "FAILED:reason".
This is compatible with Apache's mod_ssl variable of the same name.

SSL_CLIENT_S_DN is set to the oneline version of the client certificate
subject's distinguished name and may be used as a setting for the
ssl.verifyclient.username config option. When Apache's mod_ssl is
configured to use 'FakeBasicAuth' it uses the SSL_CLIENT_S_DN value for
the username (that ultimately may end up in REMOTE_USER). The value
that will be set for SSL_CLIENT_S_DN may be determined using the
`openssl x509 -noout -subject -in <cert.pem>` command.

Patch file attached.

See also http://repo.or.cz/lighttpd/svnmirror/patches.git/commitdiff/fdd341bf

Associated revisions

Revision 6155d7d9 (diff)
Added by gstrauss 10 months ago

[TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693)

(enabled with lighttpd.conf: ssl.verifyclient.activate = "enable")

x-ref:
"SSL Client Certificate validation."
https://redmine.lighttpd.net/issues/1288
"[PATCH] support SSL_CLIENT_VERIFY & SSL_CLIENT_S_DN"
https://redmine.lighttpd.net/issues/2693

Revision fb87ae86 (diff)
Added by gstrauss 3 months ago

[mod_openssl] safer_X509_NAME_oneline() (fixes #2693)

provide a safer X509_NAME_oneline() with return value semantics similar
to those of snprintf() and use safer_X509_NAME_oneline() to set
SSL_CLIENT_S_DN when client cert is validated.

The manpage for X509_NAME_oneline() says:

The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications.

Besides X509_NAME_oneline() function being deprecated, until fairly recently, there was a security issue with the function, too.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

github: closes #63, closes #83

x-ref:
"support SSL_CLIENT_VERIFY & SSL_CLIENT_S_DN"
https://redmine.lighttpd.net/issues/2693
https://github.com/lighttpd/lighttpd1.4/pull/63
https://github.com/lighttpd/lighttpd1.4/pull/83

History

#1 Updated by gstrauss over 1 year ago

  • Category changed from core to TLS

#3 Updated by gstrauss about 1 year ago

  • Assignee deleted (stbuehler)
  • Missing in 1.5.x deleted (Yes)

#4 Updated by gstrauss 8 months ago

  • Status changed from New to Need Feedback
  • Priority changed from Normal to Low

SSL_CLIENT_VERIFY has been implemented.

SSL_CLIENT_S_DN has not been implemented, and I am not quite convinced it is needed when there are other recommended solutions. According to X509_NAME_oneline() (https://linux.die.net/man/3/x509_name_oneline)

Notes

The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications.

As an alternative, lighttpd does provide SSL_CLIENT_S_DN_* components, which can be used with e.g.
ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID"
or
ssl.verifyclient.username = "SSL_CLIENT_S_DN_emailAddress"

Is there still a desire to have lighttpd provide SSL_CLIENT_S_DN, given the limitations described above, as well as the alternatives available?

--- a/src/response.c
+++ b/src/response.c
@@ -180,6 +180,16 @@ static void https_add_ssl_client_entries(server *srv, connection *con) {
        }

        {
+               char *s_dn = X509_NAME_oneline(xn, NULL, 0);
+               if (NULL != s_dn) {
+                       array_set_key_value(con->environment,
+                                           CONST_STR_LEN("SSL_CLIENT_S_DN"),
+                                           s_dn, strlen(s_dn));
+                       OPENSSL_free(s_dn);
+               }
+       }
+
+       {
                ASN1_INTEGER *xsn = X509_get_serialNumber(xs);
                BIGNUM *serialBN = ASN1_INTEGER_to_BN(xsn, NULL);
                char *serialHex = BN_bn2hex(serialBN);
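Review bot: X509_NAME_oneline(xn, NULL, 0) in this hunk is the legacy API the manpage quoted just above discourages (non-standard output form, no handling of multi-character fields), and on OpenSSL before 1.0.1t / 1.0.2h it is the function affected by CVE-2016-2176 (stack buffer over-read via crafted EBCDIC ASN.1 data), so the subject should instead be rendered with X509_NAME_print_ex() into a memory BIO using one fixed flag set, as comment #6 asks, with the return value checked before array_set_key_value() is called. A second point: the only condition guarding the export is `if (NULL != s_dn)`; nothing in the hunk ties SSL_CLIENT_S_DN to the verification result, whereas the fb87ae86 fix sets it only when the client cert is validated, and the same restriction belongs here so an unverified subject never reaches ssl.verifyclient.username / REMOTE_USER.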

#5 Updated by gstrauss 8 months ago

Besides X509_NAME_oneline() function being deprecated, until fairly recently, there was a security issue with the function, too.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

#6 Updated by gstrauss 8 months ago

If this feature is still desired, please see what was posted on https://github.com/lighttpd/lighttpd1.4/pull/63 over two months ago:

Please consider using X509_NAME_print_ex() and propose a reasonable set of flags for a consistent and still-useful result.
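
The snprintf()-style contract that commit fb87ae86 describes for safer_X509_NAME_oneline(), and the "consistent and still-useful result" comment #6 asks for, shown in an added example that is not lighttpd's code and not the project's safer_X509_NAME_oneline(): a plain-C one-line DN formatter over constructed RDN pairs (a hypothetical stand-in for X509_NAME, so it builds without OpenSSL). The names struct rdn, dn_oneline() and set_client_s_dn(), and the sample subject, are all assumptions made here. The escaping rule (\xHH for non-printable bytes and also for '/' and '\') is this example's choice so that a value can never masquerade as an RDN separator; the security-relevant part is the caller's check that a return value at or above the buffer size means truncation, and a truncated DN is never exported.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for one X509_NAME_ENTRY (hypothetical; no OpenSSL needed). */
struct rdn {
    const char *type;          /* short name, e.g. "CN" */
    const unsigned char *val;  /* raw value bytes, may hold control chars */
    size_t vlen;
};

/* Constructed sample subject; the CN deliberately embeds "/" and "\n". */
static const struct rdn sample_rdns[] = {
    { "C",  (const unsigned char *)"US",               sizeof("US") - 1 },
    { "O",  (const unsigned char *)"Example Corp",     sizeof("Example Corp") - 1 },
    { "CN", (const unsigned char *)"alice/OU=admin\n", sizeof("alice/OU=admin\n") - 1 },
};
#define SAMPLE_N (sizeof(sample_rdns) / sizeof(sample_rdns[0]))

/* Store one byte if it fits (leaving room for the NUL); always count it. */
static size_t put_byte(char *buf, size_t size, size_t pos, char c)
{
    if (pos + 1 < size)
        buf[pos] = c;
    return pos + 1;
}

/*
 * Render "/type=value/type=value" into buf.  Bytes outside printable ASCII,
 * and also '/' and '\', are written as \xHH so a value can never look like
 * an RDN separator (escaping the separator is this example's rule).
 * Returns the length the complete string needs, not counting the NUL,
 * exactly like snprintf(); buf is always NUL-terminated when size > 0.
 */
size_t dn_oneline(char *buf, size_t size, const struct rdn *rdns, size_t n)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t pos = 0;

    for (size_t i = 0; i < n; i++) {
        pos = put_byte(buf, size, pos, '/');
        for (const char *t = rdns[i].type; *t != '\0'; t++)
            pos = put_byte(buf, size, pos, *t);
        pos = put_byte(buf, size, pos, '=');
        for (size_t j = 0; j < rdns[i].vlen; j++) {
            unsigned char c = rdns[i].val[j];
            if (c < 0x20 || c > 0x7e || c == '/' || c == '\\') {
                pos = put_byte(buf, size, pos, '\\');
                pos = put_byte(buf, size, pos, 'x');
                pos = put_byte(buf, size, pos, hex[c >> 4]);
                pos = put_byte(buf, size, pos, hex[c & 0x0f]);
            } else {
                pos = put_byte(buf, size, pos, (char)c);
            }
        }
    }
    if (size > 0)
        buf[pos < size ? pos : size - 1] = '\0';
    return pos;
}

/*
 * What a caller exporting SSL_CLIENT_S_DN must do with that contract:
 * a return value >= size means the DN did not fit, so export nothing
 * rather than a truncated (and therefore different) subject.
 * Returns 1 when the full DN was written, 0 otherwise.
 */
int set_client_s_dn(char *out, size_t outsize, const struct rdn *rdns, size_t n)
{
    size_t need = dn_oneline(out, outsize, rdns, n);
    if (need >= outsize) {
        if (outsize > 0)
            out[0] = '\0';
        return 0;
    }
    return 1;
}

int main(void)
{
    char big[128], small[16];

    if (set_client_s_dn(big, sizeof big, sample_rdns, SAMPLE_N))
        printf("SSL_CLIENT_S_DN=%s\n", big);   /* escaped, complete subject */
    if (!set_client_s_dn(small, sizeof small, sample_rdns, SAMPLE_N))
        printf("16-byte buffer: need %zu bytes, DN not exported\n",
               dn_oneline(NULL, 0, sample_rdns, SAMPLE_N) + 1);
    return 0;
}
```

With real OpenSSL the same shape is obtained by X509_NAME_print_ex() into a BIO_s_mem() with one fixed flag set (XN_FLAG_RFC2253 or XN_FLAG_ONELINE), then copying the bytes out and applying the identical length check; which flag set to standardise on is exactly the question comment #6 leaves open, and the example above takes no position on it beyond escaping the separator.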

#7 Updated by gstrauss 3 months ago

  • Status changed from Need Feedback to Patch Pending
  • Target version changed from 1.4.x to 1.4.46

#8 Updated by gstrauss 3 months ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100