)]}' { "commit": "c67076d653f7501136f7b208df4b011a7275e8f5", "tree": "b6938e801dca6d852006e9870314b0e296f79874", "parents": [ "e55c64fdd3f47413e17eaa8e4f4d2a62622a01eb" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Apr 16 17:39:50 2019 -0500" }, "committer": { "name": "Adam Langley", "email": "agl@google.com", "time": "Mon Apr 22 21:32:29 2019 +0000" }, "message": "Require certificates under name constraints use SANs.\n\nThe common name fallback does not interact well with name constraints.\nUntil we remove this fallback, we must resolve this conflict.\n\nBlindly applying name constraints to the common name will reject\n\"decorative\" common names that aren\u0027t intended to be hostnames (e.g.\n[0]). We need to guess based on format whether the common name is a DNS\nname. It is important this same check is applied to *both* name\nconstraints and name matching, which means the OpenSSL version (see\n5bd5dcd49605ca2aa7931599894302a3ac4b0b04,\nd02d80b2e80adfdde49f76cf7c7af4e013f45005, and\n55a6250f1e7336e8a7d89fb609eb23398715ff6f) is unsuitable as a\ncompatibility data point.\n\nIn theory we could limit this to chains with name constraints, which are\nuncommon, but X509_check_host sees only the leaf. We must apply it\nuniformly. That means a strict check risks problems with malformed\nnon-WebPKI setups like [1].\n\nFor a first pass, mirror Go\u0027s behavior. Like Go, rather than run\nSAN-less DNS-like common names through name constraints, we simply\nreject all such certificates. Name constraints now exclude all leaf\ncertificates that can trigger the common name fallback. They are rare\nenough that we can hopefully hold them to a higher standard.\n\nNote this does not make misclassified decorative common names any worse,\ncompared to the checking the name constraint. Such names would not have\nmatched the constraint anyway.\n\nUpdate-Note: This can may cause two kinds of errors:\n\n1. Leaf certificates whose chain contains a name constraint and lack\n SANs may be rejected with X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS.\n\n2. Leaf certificates which use the common name fallback and verify\n against an insufficiently DNS-looking hostname may fail with\n X509_V_ERR_HOSTNAME_MISMATCH.\n\nIn both cases, the fix is to include the subjectAltName in the\ncertificate, rather than rely on the common name fallback. (Refining the\nheuristic is also an option, but the two failure modes pull it in\nopposite directions, so this is tricky.)\n\n[0] https://github.com/golang/go/issues/24151\n[1] https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues/194\n\nChange-Id: If25557de428768292a14ba3bdeeffbd74e3a3bf8\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35665\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "e50740377d10ef7836c928d80cd9caa868d0fdfa", "old_mode": 33188, "old_path": "crypto/x509/make_many_constraints.go", "new_id": "578618dfbfc5b24e7bdd852c1a6acade1c953363", "new_mode": 33188, "new_path": "crypto/x509/make_many_constraints.go" }, { "type": "modify", "old_id": "dbfa04281945215f71bdbc8f91fc9a6cfc068496", "old_mode": 33188, "old_path": "crypto/x509/many_names3.pem", "new_id": "f15638f9e0eef53a22e3d17f8a3b33878411fb32", "new_mode": 33188, "new_path": "crypto/x509/many_names3.pem" }, { "type": "modify", "old_id": "a6d3ee790dfc90be3202c61ad77d25c7658511d5", "old_mode": 33188, "old_path": "crypto/x509/some_names3.pem", "new_id": "7b38bf3ce56eaf0a9c815c23fc32b93fa216eefb", "new_mode": 33188, "new_path": "crypto/x509/some_names3.pem" }, { "type": "modify", "old_id": "517635edec6792c81c3755dd6cea094b1a254f0c", "old_mode": 33188, "old_path": "crypto/x509/x509_test.cc", "new_id": "c0ac17059665328ff069f30a3f379f5511340f42", "new_mode": 33188, "new_path": "crypto/x509/x509_test.cc" }, { "type": "modify", "old_id": "99f83c6af728fe594f2ea6877ef9291efec8946f", "old_mode": 33188, "old_path": "crypto/x509/x509_txt.c", "new_id": "8e6ac27d4cf0d996d4997e65e6ba7f44bea490db", "new_mode": 33188, "new_path": "crypto/x509/x509_txt.c" }, { "type": "modify", "old_id": "5af3fb323ab476cf7cc8009f3c50d3d48b282f3a", "old_mode": 33188, "old_path": "crypto/x509/x509_vfy.c", "new_id": "fff97fac993e0b2a4af2f4965f65206fc6556fcb", "new_mode": 33188, "new_path": "crypto/x509/x509_vfy.c" }, { "type": "modify", "old_id": "e6be6841d871dbd612949318fe725dd638854945", "old_mode": 33188, "old_path": "crypto/x509v3/internal.h", "new_id": "c143d735d78765b90e38de92cecaa631fc4b376a", "new_mode": 33188, "new_path": "crypto/x509v3/internal.h" }, { "type": "modify", "old_id": "51db47874a737fd2af8aecf2b0296193a66d941b", "old_mode": 33188, "old_path": "crypto/x509v3/v3_utl.c", "new_id": "86c49403b86e7e12acc9a8d71652f892f4a27b06", "new_mode": 33188, "new_path": "crypto/x509v3/v3_utl.c" }, { "type": "modify", "old_id": "0736120fc75d3414fea19bb0cdb94da7af0a2335", "old_mode": 33188, "old_path": "crypto/x509v3/v3name_test.cc", "new_id": "c1da9c85793c942b6dd4f3d83d029855412c5617", "new_mode": 33188, "new_path": "crypto/x509v3/v3name_test.cc" }, { "type": "modify", "old_id": "86aa5469232a6ba0aa432e33c9d93606bb875ff8", "old_mode": 33188, "old_path": "include/openssl/x509_vfy.h", "new_id": "f26233497b25f164b1c4f89c53171b23165ed7cb", "new_mode": 33188, "new_path": "include/openssl/x509_vfy.h" } ] }