Re: cert caching touch-ups

From: Tobias Ringstrom <tobias_at_ringstrom.mine.nu>
Date: 2003-09-23 17:49:41 CEST

Tobias Ringstrom wrote:
> Joe Orton wrote:
>
>> After looking at the code, I do believe the attack will work.
>>
>> The only place that the hostname is checked is in neon, and neon does
>> check the subjectAltName extension. neon will *not* give an
>> NE_SSL_IDMISMATCH failure for the attempt to connect to the server
>> masquerading as svn.webdav.org above, only an NE_SSL_UNTRUSTED failure.
>
> No, we do not trust the certs using neon. We look for the unknown cert
> in Subversion's auth system if neon does not trust the cert. We never
> call ne_trust_cert (or whatever it is called exactly), so we are safe.

Oops, I'm an idiot (or at least lazy with a bad memory). You are right
of course. I thought I had a manual compare somewhere in there, but I
was wrong. The plan is now as follows:

1. Add a manual hostname comparison. This will definately make it
into 0.30.

2. Code up my new proposal. This *might* make it into 0.30. We'll see...

Thanks for the heads-up, Joe!

/Tobias

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Sep 23 17:50:30 2003

This message: [ Message body ]
Next message: kfogel_at_collab.net: "Re: svn commit: rev 7136 - in trunk: . subversion/include"
Previous message: Ben Collins-Sussman: "Re: Release tarball...."
In reply to: Tobias Ringstrom: "Re: cert caching touch-ups"
Next in thread: Tobias Ringström: "Re: cert caching touch-ups"
Reply: Tobias Ringström: "Re: cert caching touch-ups"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]