lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <1TWxGb-0009zU-6Q@internal.tormail.org>
Date: Fri, 09 Nov 2012 22:41:37 +0000
From: y33t <y33t@...mail.org>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Gajim fails to handle invalid certificates

Gajim does not seem to properly handle invalid/broken/expired 
certificates. The _ssl_verify_callback function in tls_nb.py is called 
by OpenSSL for every certificate in the certificate chain (CA first, 
server certificate last) but always return True whether an error was 
encountered or not.

This forces OpenSSL to verify each certificate until none is left, at 
which points it will call _ssl_verify_callback one last time with an 
error number of 0.

(This behavior is documented here:  man 3 SSL_CTX_set_verify
"If verify_callback returns 1, the verification process is continued. 
If verify_callback always returns 1, the TLS/SSL handshake will not be 
terminated with respect to verification failures and the connection will 
be established."
And can be observed in function 
crypto/x509/x509_vfy.c:internal_verify() in OpenSSL source code.)

_ssh_verify_callback only stores the last error code, which always is 0 
unless an error was encountered in the deepest level of the chain (the 
CA), so gajim will not warn as long as the CA is recognized.


(...)

This problem goes beyond expired certificates. It is also possible to 
edit any existing and valid server certificate by changing the CN 
manually. The certificate's signature will be become invalid and OpenSSL 
will detect it and return errnum 7 ("Certificate signature failure") but 
gajim will not warn and will proceed with the connection anyway...


References:
https://trac.gajim.org/ticket/7252

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ