[gnutls-devel] SSL certificate validation bugs in GnuTLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Feb 13 21:42:21 CET 2014


On 02/13/2014 08:41 PM, Daniel Kahn Gillmor wrote:
> On 02/13/2014 02:20 PM, Nikos Mavrogiannopoulos wrote:
>> On 02/13/2014 06:19 PM, Daniel Kahn Gillmor wrote:
>>
>>> It looks like key usage violations used to be permitted only when
>>> %COMPAT was specified in the priority string, and then commit id
>>> 16d365ab359436651deb35a8ec6cdc0e76c077d9 that was changed to be
>>> tolerated by default.  Perhaps this behavior could be added back in a
>>> way that could be controlled by a more specific priority string (i'm not
>>> sure what the default would be).
>>> In addition to knowing what other TLS libraries do, a survey of sites
>>> that are willing to offer ECDHE or DHE key exchange mechanisms without a
>>> digital signature key usage flag would be helpful in making an argument
>>> about what the default should be.
>>> I could produce this patch if people think that's a good approach.
>>
>> Maybe we can add back the check for 3.3.x when %COMPAT is not specified?
> 
> is there a reason to only lump this in with %COMPAT and not have it be a
> distinct %PERMISSIVE_KEY_USAGE flag? %COMPAT could imply
> %PERMISSIVE_KEY_USAGE.

It could be. In master I use a hash table so adding more flags wouldn't
hurt.

> It occurs to me: is there a way to *unset* a priority string flag?  I'm
> thinking about a scenario where an administrator anticipates a change in
> the defaults for some setting, and wants to ensure that their preferred
> configuration setting works and is stable using the same priority string
> across versions.  (another way to look at this is: how can someone write
> a HOWTO for a particular use case that has a single priority string that
> will work regardless of what the defaults are of the particular version
> the reader has deployed)

That could be done if we add individual priority string flags for all
work arounds. Unsetting flags is not supported though, and I don't know
if that additional complexity is needed.

regards,
Nikos


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 534 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140213/dac2368f/attachment.sig>


More information about the Gnutls-devel mailing list