Fwd: "ssl" module doesn't validate that domain of certificate is correct

geremy condra

Apr 19, 2010, 4:58:15 PM
to python-crypto
A discussion about a bit of what we talked about at PyCon is going on on
python-list. Feel free to drop in.

Geremy Condra


---------- Forwarded message ----------
From: John Nagle <na...@animats.com>
Date: Mon, Apr 19, 2010 at 12:51 PM
Subject: "ssl" module doesn't validate that domain of certificate is correct
To: pytho...@python.org


  I'm converting some code from M2Crypto to the new "ssl" module, and
I've found what looks like a security hole.  The "ssl" module will
validate the certificate chain, but it doesn't check that the certificate
is valid for the domain.

  Here's the basic code:

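       import socket
       import ssl

       # certfile: path to the CA bundle; domain: host name to connect to
       sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
       sock = ssl.wrap_socket(sk, ca_certs=certfile,
               cert_reqs=ssl.CERT_REQUIRED)
       sock.connect((domain,443))
       cert = sock.getpeercert()
       # Dump every field of the certificate the server presented
       print('SSL cert for "%s":' % (domain,))
       for fieldname in cert :
           print('    %s = %s' % (fieldname, cert[fieldname]))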

Note that I'm sending a CA cert list and am specifying CERT_REQUIRED,
so I should get a proper cert check.

Now let's try a host that presents the wrong SSL cert. Try, in
a browser,

       https://www.countrysidecabinetry.com

You'll get an error.  But the "ssl" module is happy with this cert:

SSL cert for "www.countrysidecabinetry.com":
   notAfter = Dec  8 23:30:48 2010 GMT
   subject = ((('serialNumber', u'E5gMXaDjnqfFPID2KNdLTVNEE6PjtqOr'),),
       (('countryName', u'US'),),
       (('organizationName', u'customlaserengravings.com'),),
       (('organizationalUnitName', u'GT57631608'),),
       (('organizationalUnitName', u'See www.rapidssl.com/resources/cps (c)09'),),
       (('organizationalUnitName', u'Domain Control Validated - RapidSSL(R)'),),
       (('commonName', u'customlaserengravings.com'),))

Note that the cert is for "customlaserengravings.com", but is being
presented by "countrysidecabinetry.com".  Fail.

When I try this with M2Crypto, I get an SSL.Checker.WrongHost exception.
That's what should happen.

                               John Nagle


Justin Samuel

Apr 19, 2010, 5:19:39 PM
to python...@googlegroups.com
Thanks for noticing this (I don't follow that list at the moment).
This is the intended SSL craziness of python. In his post here:

http://www.heikkitoivonen.net/blog/2008/10/14/ssl-in-python-26/

Heikki says:

"In addition, the client side needs to check that the certificate
hostname (in the subjectAltName or commonName) matches the hostname
that the client tried to connect to. If you don’t, you won’t know who
you are talking to and your connection is subject to a
man-in-the-middle attack. I was not able to convince Bill Janssen
that this post connection check callback should be provided by the ssl
module. I think there is value in doing a hostname check by default,
and letting application developers override it if necessary."

So, Bill Janssen, who may be the primary person maintaining python's
ssl library (?), doesn't see the importance of what many security
people would consider sane defaults here.

justin
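
The post-connection check discussed in this thread (matching the subjectAltName or commonName of the validated certificate against the host name the client dialled), as an added example that is not code from the thread, from the "ssl" module or from M2Crypto. The function names are hypothetical, the matching rules are a simplified subset of RFC 6125 (DNS names only, no IP addresses), and the sample certificate is constructed from the fields printed in the forwarded message.

```python
import ssl


def _dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name with the host name (simplified RFC 6125)."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    # A wildcard is accepted only as the entire left-most label (*.example.com)
    # and stands for exactly one label; "*.com" and "w*.example.com" are refused.
    p_first, _, p_rest = pattern.partition(".")
    h_first, _, h_rest = hostname.partition(".")
    return (p_first == "*" and "*" not in p_rest and "." in p_rest
            and bool(h_first) and p_rest == h_rest)


def cert_names(cert):
    """DNS names in a getpeercert() dict: subjectAltName first, else commonName."""
    san = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san  # commonName is ignored once dNSName entries exist
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]


def check_hostname(cert, hostname):
    """Raise ssl.CertificateError unless the certificate names the dialled host."""
    if not cert:
        raise ssl.CertificateError("no validated peer certificate")
    names = cert_names(cert)
    if not any(_dns_name_matches(n, hostname) for n in names):
        raise ssl.CertificateError("host %r not in certificate names %r" % (hostname, names))


def hostname_ok(cert, hostname):
    """Boolean wrapper, convenient for logging and tests."""
    try:
        check_hostname(cert, hostname)
    except ssl.CertificateError:
        return False
    return True


# Constructed sample: subject fields copied from the output in the post (trimmed).
SAMPLE_CERT = {
    "notAfter": "Dec  8 23:30:48 2010 GMT",
    "subject": ((("countryName", "US"),),
                (("organizationName", "customlaserengravings.com"),),
                (("commonName", "customlaserengravings.com"),)),
}
```

Calling `check_hostname(sock.getpeercert(), domain)` right after `connect()` closes the gap described in the forwarded message. Current Python versions perform this check during the handshake when the socket is wrapped by a context from `ssl.create_default_context()` with `server_hostname` set.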