[PATCH] RSA+DSA+ECC bundles

Maxim Dounin mdounin at mdounin.ru
Thu Oct 24 00:26:53 UTC 2013


Hello!

On Wed, Oct 23, 2013 at 02:48:38PM -0700, Piotr Sikora wrote:

> Hey,
> 
> > Just drop the backwards-compatibility and require OpenSSL 1.0.2 or
> > later for that feature, just like a particular version of OpenSSL is
> > needed for TLS-SNI.
> 
> I kind of agree with that.
> 
> While OpenSSL-1.0.2 is still unreleased, it seems that all options for
> existing releases are a bit hacky, to say the least... The trusted
> certificate store sounds like the only way to do it right now, but it
> effectively makes SSL client verification useless and creates a
> security issue.
> 
> What do you think, Maxim?

I strongly disagree with automatically adding certificates from a
certificate chain to a trusted store, it's just not an option.
Otherwise, I don't think that use of a trusted certificate store is
a major problem.

The same problem is already here if one wants to use OCSP Stapling
and verify signatures (and one probably wants to, given the fact
that an incorrect OCSP Staple can be easily used to DoS a server
if a client follows RFC6066, and e.g. Firefox folks seem to try
to do so and fail a connection on an incorrect OCSP Staple, see
http://trac.nginx.org/nginx/ticket/425).  And the same happens if
a complex PKI is used, and only some users should be allowed to
login.

In the long term I think that our client verification code should be
complemented by some access control functionality (as of now, one 
can use rewrite module for checks, and some do use them anyway, 
but it's not very convenient).

As for multiple certs per se, I don't think it should be limited 
to recent OpenSSL versions only.  As far as I can tell, current 
versions of OpenSSL will work just fine (well, mostly) as long as 
both ECDSA and RSA certs use the same certificate chain.  I 
believe at least some CAs issue ECDSA certs this way, and this 
should work.

Limiting support for multiple certs with separate certificate
chains to only recent OpenSSL versions seems reasonable to me,
but if Rob wants to try to make it work with older versions - I
don't really object.  If it won't be too hacky it might be worth
supporting.

-- 
Maxim Dounin
http://nginx.org/en/donation.html


