Unexpected behavior in certificate hostname check


Unexpected behavior in certificate hostname check

דרור מויל
Hi,
I'm experiencing some unexpected (in my opinion - and I might be in the wrong here) behavior in hostname checking in the OpenSSL CLI utils.
I'm trying to verify the hostname of a certificate which has CN=mysite.com and altSubj=localhost (was generated by pyca/cryptography example - https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate) and the check always fails on hostname mismatch.
I tried the following:
1. openssl x509 -in certificate.pem -checkhost mysite.com
2. openssl verify -verify_hostname mysite.com certificate.pem

I could see in the code that they both use X509_check_host and they both call it with flags=0.
The thing is, that when the flags=0, X509_check_host will call do_X509_check that will verify only the altSubjNames and not the CN in the Subj.
I tried to find a way to set the flags to X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT using a CLI flag or config but there is no such option.

Was it meant to work like this? Am I missing something?

Thanks!

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Unexpected behavior in certificate hostname check

Viktor Dukhovni
> On Sep 18, 2018, at 5:27 PM, דרור מויל <[hidden email]> wrote:
>
> I'm experiencing some unexpected (in my opinion - and I might be in the wrong here) behavior in hostname checking the OpenSSL CLI utils.

The default behaviour follows:

   https://tools.ietf.org/html/rfc6125#section-6.4.4

which says:

   As noted, a client MUST NOT seek a match for a reference identifier
   of CN-ID if the presented identifiers include a DNS-ID, SRV-ID,
   URI-ID, or any application-specific identifier types supported by the
   client.

> I'm trying to verify the hostname of a certificate which has CN=mysite.com and altSubj=localhost (was generated by pyca/cryptography example - https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate) and the check always fails on hostname mismatch.

Your certificate is poorly crafted: it must list all the desired domains in the
subjectAltName extension, and then may repeat one of them in the Subject CN as
a fallback for legacy software.

> The thing is, that when the flags=0, X509_check_host will call do_X509_check
> that will verify only the altSubjNames and not the CN in the Subj.

As expected.

> I tried to find a way to set the flags to X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
> using a CLI flag or config but there is no such option.
>
> Was it meant to work like this? am I missing something?

Obtain a properly crafted certificate and all will be well.
The host flags are not, IIRC, exposed via the CLI. Good luck.

--
        Viktor.

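The behaviour described in the first message (both CLI commands call X509_check_host with flags=0, so a DNS subjectAltName makes the Subject CN irrelevant) and the fix Viktor recommends (put every hostname in the SAN, optionally repeat one in the CN) can be reproduced end to end with the openssl CLI. The script below is an added example, not code from the thread or from the OpenSSL project; it assumes an OpenSSL 1.0.2 or later CLI on PATH, and the certificates it creates are constructed test data, not the poster's certificate.

```shell
#!/bin/sh
# Added example: reproduce the reported hostname check, then show the same
# check against a certificate whose SAN lists the name. Assumes an OpenSSL
# 1.0.2+ CLI ("req", "x509", "verify") on PATH.
set -eu

command -v openssl >/dev/null 2>&1 || { echo "openssl CLI not found" >&2; exit 0; }

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME CN [SAN-LIST]: self-signed test certificate (constructed data)
# with the given Subject CN and optional subjectAltName, written to $WORK/NAME.pem.
# A config file is used instead of "-addext" so the example also works with
# CLIs older than 1.1.1.
make_cert() {
    name="$1"; cn="$2"; san="${3:-}"
    {
        echo "[req]"
        echo "prompt = no"
        echo "distinguished_name = dn"
        echo "x509_extensions = ext"
        echo "[dn]"
        echo "CN = $cn"
        echo "[ext]"
        if [ -n "$san" ]; then echo "subjectAltName = $san"; fi
    } > "$WORK/$name.cnf"
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$WORK/$name.cnf" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.pem" >/dev/null 2>&1
}

# host_matches CERT HOSTNAME: returns 0 if the hostname check passes, 1 if not.
# "openssl x509 -checkhost" only prints a verdict (exit status is always 0), so
# the return value comes from "openssl verify -verify_hostname", which exits
# non-zero on X509_V_ERR_HOSTNAME_MISMATCH. Both call X509_check_host with
# flags=0: the CN is consulted only when the cert has no DNS SAN (RFC 6125 6.4.4).
host_matches() {
    cert="$1"; host="$2"
    openssl x509 -in "$cert" -noout -checkhost "$host"      # informational line
    if openssl verify -CAfile "$cert" -verify_hostname "$host" "$cert" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# The reported certificate: CN=mysite.com, SAN=DNS:localhost.
make_cert reported mysite.com DNS:localhost
# A properly crafted one: every name in the SAN, CN repeated as legacy fallback.
make_cert proper mysite.com DNS:mysite.com,DNS:localhost

for c in reported proper; do
    if host_matches "$WORK/$c.pem" mysite.com; then
        echo "$c: mysite.com accepted"
    else
        echo "$c: mysite.com rejected (a DNS SAN is present, so the CN is ignored)"
    fi
done
```

Running it shows the first certificate failing for mysite.com while still matching localhost, and the second passing; a CN-only certificate with no SAN at all would also pass, which is the legacy fallback the RFC text allows.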

Re: Unexpected behavior in certificate hostname check

דרור מויל
Thanks!

On Wed, 19 Sep 2018 at 00:50, Viktor Dukhovni <[hidden email]> wrote: