ssl hostname verification security bug: verify_certificate_identity wildcard matching allows too much
I'm not a ruby developer but the maintainer of the IO::Socket::SSL module in Perl. While comparing the state of the SSL implementations in various languages I've noticed that your validation of the hostname inside the certificate is wrong regarding wildcards.
According to RFC2818 (http) or RFC6125 (includes http and others) only the leftmost part of the name specification might contain a wildcard, e.g. *.foo.bar is allowed, but not www.*.foo.bar or even www.*.*.*. Unfortunately the implementation of verify_certificate_identity in openssl/ssl.rb (or openssl/ssl-internal.rb in older versions) does a global substitution of [^.]+ and thus allows wildcards anywhere and also multiple wildcards. I've verified my assumption with a certificate for www.*.foo.*, which got successfully verified against www.foobar.foo.bar on ruby 1.9.1. And, from looking at the code, the current ruby version has the same problem.
Also, from reading the code I understand that you use the same hostname verification for SMTP, IMAP and POP too. But the verification schemes for these protocols differ from http (see RFC2595 for SMTP, RFC4642 for IMAP and POP):
- while http allows something like www*.example.com the other protocols only allow *.example.com, e.g. the wildcard must fully replace the leftmost part of the hostname.
- while with http one should not check the common name if subject alternative names exist (and you've implemented it this way), with the other protocols one checks the common name too.
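As an added illustration (not the reporter's code and not Ruby's own openssl/ssl.rb), a simplified reconstruction of the permissive matching the report describes beside an RFC 6125-style check; the rule that at least two labels must follow the wildcard is a common hardening assumption, not something this report states.

```ruby
# Lenient matcher reconstructing the reported bug: every '*' anywhere in
# the certificate name becomes [^.]+, so wildcards may appear in any label
# and any number of times ("www.*.foo.*" matches "www.foobar.foo.bar").
def lenient_match?(cert_name, hostname)
  pattern = Regexp.escape(cert_name).gsub('\*', '[^.]+')
  /\A#{pattern}\z/i.match?(hostname)
end

# Stricter matcher: at most one wildcard, only in the leftmost label, with
# at least two labels to its right (assumed hardening). With partial: false
# the wildcard must be the whole label (the rule the report gives for
# SMTP/IMAP/POP); with partial: true a prefix such as "www*" is accepted
# (the HTTP / RFC 6125 case). Comparison is case-insensitive, label by label.
def strict_match?(cert_name, hostname, partial: false)
  cert_labels = cert_name.downcase.split('.', -1)
  host_labels = hostname.downcase.split('.', -1)
  return false if cert_labels.size != host_labels.size
  return false if cert_labels.any?(&:empty?) || host_labels.any?(&:empty?)

  first, *rest = cert_labels
  # Wildcards are rejected in every label except the leftmost one.
  return false if rest.any? { |label| label.include?('*') }
  return false if first.count('*') > 1
  return false if first.include?('*') && rest.size < 2

  if first.include?('*')
    prefix, suffix = first.split('*', -1)
    return false unless partial || (prefix.empty? && suffix.empty?)
    host_first = host_labels.first
    return false if host_first.size < prefix.size + suffix.size
    return false unless host_first.start_with?(prefix) && host_first.end_with?(suffix)
  else
    return false unless first == host_labels.first
  end
  rest == host_labels.drop(1)
end
```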
Updated by nobu (Nobuyoshi Nakada) about 7 years ago
- Description updated (diff)
- Category set to ext/openssl
- Status changed from Open to Assigned
- Assignee set to MartinBosslet (Martin Bosslet)
- Priority changed from Normal to 5
- Target version set to 2.2.0
- Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED
Seems there are no wildcard tests.
Updated by hansdegraaff (Hans de Graaff) about 6 years ago
It looks like this is fixed with https://github.com/ruby/openssl/commit/e9a7bcb8bf2902f907c148a00bbcf21d3fa79596 which is related to https://bugzilla.redhat.com/show_bug.cgi?id=1209981
Updated by nagachika (Tomoyuki Chikanaga) about 6 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Applied in changeset r50292.
- ext/openssl/lib/openssl/ssl.rb: stricter hostname verification following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [ruby-core:61545] [Bug #9644]
- test/openssl/test_ssl.rb: add tests for above.