[stunnel-users] Patch to enhance verify=3 with SHA-1 check

Philipp Hartwig philipp.hartwig at uni-due.de
Wed Apr 27 22:53:23 CEST 2011


As indicated in a previous mail to this list I was surprised by the 
following behavior: With "verify=3" stunnel doesn't compare the peer's 
certificate with the locally installed certificate for actual equality 
but it only checks whether they have the same subject. 

The recent Comodo incident[1] has shown that it is not impossible to get a 
certificate which matches the subject of the certificate of some 
interesting server and is signed by a trusted CA. That's why I was 
interested in a stricter form of verification (at least in client mode).

I have attached a small patch, derived from code in the file 
"mutt_ssl.c" of the Mutt[2] mail client, which adds a check for equality 
of SHA-1 hashes to the "verify=3" certificate check. I mainly wrote it 
for personal use but maybe someone else will find it useful or has some 
comments.  

Regards,
Philipp

[1] http://blog.mozilla.com/security/2011/03/25/comodo-certificate-issue-follow-up/
[2] http://www.mutt.org/
-------------- next part --------------
--- verify.c	2011-01-24 22:44:03.000000000 +0100
+++ verify.c.patched	2011-04-10 20:17:19.551078252 +0200
@@ -196,6 +196,8 @@
 
 static int cert_check(CLI *c, X509_STORE_CTX *callback_ctx, int preverify_ok) {
     X509_OBJECT ret;
+    unsigned char peermd[EVP_MAX_MD_SIZE], localmd[EVP_MAX_MD_SIZE];
+    unsigned int peermdlen, localmdlen;
 
     if(c->opt->verify_level==SSL_VERIFY_NONE) {
         s_log(LOG_INFO, "CERT: Verification not enabled");
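
Review bot: peermd, localmd and their two length variables are declared at function scope here, but they are only needed inside the verify_use_only_my branch at depth 0. Declaring them at the top of that inner block would keep two EVP_MAX_MD_SIZE buffers off the stack for every other call of cert_check and would make it clear they belong to the fingerprint comparison.
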
@@ -207,11 +209,25 @@
             X509_verify_cert_error_string(callback_ctx->error));
         return 0; /* reject connection */
     }
-    if(c->opt->verify_use_only_my && callback_ctx->error_depth==0 &&
-            X509_STORE_get_by_subject(callback_ctx, X509_LU_X509,
-                X509_get_subject_name(callback_ctx->current_cert), &ret)!=1) {
-        s_log(LOG_WARNING, "CERT: Certificate not found in local repository");
-        return 0; /* reject connection */
+    if(c->opt->verify_use_only_my && callback_ctx->error_depth==0) {
+        if(X509_STORE_get_by_subject(callback_ctx, X509_LU_X509,
+                    X509_get_subject_name(callback_ctx->current_cert), &ret)!=1) {
+            s_log(LOG_WARNING, "CERT: Certificate not found in local repository");
+            return 0; /* reject connection */
+        }
+        else {
+            if(!X509_digest (callback_ctx->current_cert, EVP_sha1(), peermd, &peermdlen) ||
+                    !X509_digest (ret.data.x509, EVP_sha1(), localmd, &localmdlen)) {
+                s_log(LOG_WARNING, "Failed to compute fingerprints.");
+                return 0;
+            }
+            if(peermdlen != localmdlen ||
+                    memcmp(peermd, localmd, localmdlen) != 0) {
+                s_log(LOG_WARNING, "Fingerprints of certificates don't match.");
+                return 0;
+            }
+
+        }
     }
     return 1; /* accept connection */
 }
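
Review bot: In the new else branch the peer's fingerprint is compared only against ret.data.x509, the single object that X509_STORE_get_by_subject returned for that subject name. If the local repository holds more than one certificate with the same subject (for example during a key rollover), a peer presenting the other one is rejected. Either document that restriction or compare against every local certificate with that subject before failing. The two new s_log messages also lack the "CERT: " prefix and the new return 0 lines lack the /* reject connection */ comment that the surrounding code uses. Finally, ret is not released on any return path after a successful lookup; if the lookup takes a reference on the object, it should be dropped before returning.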