Re: cert caching touch-ups

From: Tobias Ringstrom <tobias_at_ringstrom.mine.nu>
Date: 2003-09-23 12:29:17 CEST

Joe Orton wrote:
> After looking at the code, I do believe the attack will work.
>
> The only place that the hostname is checked is in neon, and neon does
> check the subjectAltName extension. neon will *not* give an
> NE_SSL_IDMISMATCH failure for the attempt to connect to the server
> masquerading as svn.webdav.org above, only an NE_SSL_UNTRUSTED failure.

No, we do not trust the certs using neon. We look for the unknown cert
in Subversion's auth system if neon does not trust the cert. We never
call ne_trust_cert (or whatever it is called exactly), so we are safe.

> (BTW ra_dav seems to be assuming that the values of NE_SSL_* will match
> the values of SVN_AUTH_SSL_* which is a bit dubious)

...or perhaps brave? :-) I'll look into it.

> Yes, quite. On the day that svn.webdav.org presents the funkycode.org
> certificate, I don't want a prompt, I want a big nasty error message. :)
> The only way to achieve this is to cache by hostname/port.

So you support the proposal? I'm looking for a +1. :-)

/Tobias

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Sep 23 12:30:08 2003

This message: [ Message body ]
Next message: mark benedetto king: "Re: cvs2svn: converted repository doesn't match cvs"
Previous message: Joe Orton: "Re: cert caching touch-ups"
In reply to: Joe Orton: "Re: cert caching touch-ups"
Next in thread: Joe Orton: "Re: cert caching touch-ups"
Reply: Joe Orton: "Re: cert caching touch-ups"
Reply: Tobias Ringstrom: "Re: cert caching touch-ups"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]