[PATCH] RSA+DSA+ECC bundles
Maxim Dounin
mdounin at mdounin.ru
Thu Oct 24 00:26:53 UTC 2013

Hello!

On Wed, Oct 23, 2013 at 02:48:38PM -0700, Piotr Sikora wrote:
> Hey,
>
> > Just drop the backwards-compatibility and require OpenSSL 1.0.2 or
> > later for that feature, just like a particular version of OpenSSL is
> > needed for TLS-SNI.
>
> I kind of agree with that.
>
> While OpenSSL-1.0.2 is still unreleased, it seems that all options for
> existing releases are a bit hacky, to say the least... The trusted
> certificate store sounds like the only way to do it right now, but it
> effectively makes SSL client verification useless and creates a
> security issue.
>
> What do you think, Maxim?

I strongly disagree with automatically adding certificates from a
certificate chain to a trusted store, it's just not an option.
Otherwise, I don't think that use of a trusted certificate store is
a major problem.

The same problem is already here if one wants to use OCSP Stapling
and verify signatures (and one probably wants to, given the fact
that an incorrect OCSP Staple can be easily used to DoS a server
if a client follows RFC6066, and e.g. Firefox folks seem to try
to do so and fail a connection on an incorrect OCSP Staple, see
http://trac.nginx.org/nginx/ticket/425). And the same happens if
a complex PKI is used, and only some users should be allowed to
login.

In the long term I think that our client verification code should be
complemented by some access control functionality (as of now, one
can use rewrite module for checks, and some do use them anyway,
but it's not very convenient).

As for multiple certs per se, I don't think it should be limited
to recent OpenSSL versions only. As far as I can tell, current
versions of OpenSSL will work just fine (well, mostly) as long as
both ECDSA and RSA certs use the same certificate chain. I
believe at least some CAs issue ECDSA certs this way, and this
should work.

Limiting support for multiple certs with separate certificate
chains to only recent OpenSSL versions seems reasonable to me,
but if Rob wants to try to make it work with older versions - I
don't really object. If it won't be too hacky it might be worth
supporting.

--
Maxim Dounin
http://nginx.org/en/donation.html