[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [VOTE} Merge svn-auth-x509 branch to trunk?

From: Evgeny Kotkov <evgeny.kotkov_at_visualsvn.com>
Date: Thu, 29 Jan 2015 05:48:34 +0300

Ben Reser <ben_at_reser.org> writes:

> Not sure how you're processing those cert files (and you have to be doing
> something since our parser only accepts DER certs and most of those are PEM)
> but that's where the problem could be. I'm writing a quick little command
> line tool that can read PEM, raw base64 encode certs (i.e. PEM without the
> header/footer) and DERs and feed them through our parser. Which should make
> it trivial to test arbitrary certificates.

I grepped everything between BEGIN/END certificate markers and (with a bit
of post-processing) plugged the results into the 'x509_test cert_tests[]'
data set. As a consequence, the PEM → DER conversion happened within the
test_x509_parse_cert() test.

> This may be a case of our parser being overly paranoid about the input data
> being consistent. The buffer you pass to svn_x509_parse_cert() must end at
> exactly the place where the initial SEQUENCE says it should. Put an extra byte
> on the end and our parser will error out.

As it turns out, almost every failing certificate has X.509 Version: 1 (0x0),
but also happens to have V3 extensions. These are ill-formed per RFC 5280
s. 4.1 [1], but we could encounter them in the real world. For instance,
OpenSSL 1.0.1f does produce such certificates when signing end-entities
with the ee.cnf config from [2] (might be a bug). Googling shows at least
one thread with a person having an X.509 V1 certificate with V3 extensions.

I tend to think that being too strict in this aspect might be harmful. We
only want to display data in a certificate, and I think we should be able
to parse these certificates. OpenSSL and Microsoft CryptoAPI do not error
out on them and show what's there in V3 extensions even if the certificate
itself is a V1. For example, with 'openssl x509 -text -noout' I get:

        Version: 1 (0x0)
        Serial Number: 15 (0xf)


        X509v3 extensions:
            X509v3 Subject Alternative Name:

I came up with the attached patch for /branches/svn-auth-x509. Log message:
On svn-auth-x509 branch: Try to parse issuerUniqueID, subjectUniqueID and
extensions for every X.509 certificate version (v1, v2 and v3).

If they aren't present, we are fine, but we don't want to throw an error if
they are. v1 and v2 certificates with the corresponding extra fields are
ill-formed per RFC 5280 s. 4.1, but we suspect they could exist in the real
world. Other X.509 parsers (e.g., within OpenSSL or Microsoft CryptoAPI)
aren't picky about these certificates. As long as we are only willing to
display the certificate data in the 'svn auth' command, we can also be less
strict about them.

* subversion/libsvn_subr/x509parse.c
  (svn_x509_parse_cert): Try to parse issuerUniqueID, subjectUniqueID and
   extensions for all known X.509 versions (v1, v2, v3).
  (x509parse_get_hostnames): Do not check CRT->DNSNAMES for null, because
   it is no longer necessary.

  (cert_tests): Add a new test case.

Now, the only remaining fail is the 'fail-2.cer.txt' from my previous e-mail,
which has multiple AttributeTypeAndValue entries in RelativeDistinguishedName
(RDN). I am not yet sure why do we fail to parse the certificate, but the
certificate itself is structurally valid per RFC 5280 s. [3]. Here
is what 'openssl asn1parse -dump' says about it (output trimmed):

  188:d=3 hl=2 l= 111 cons: SET
  190:d=4 hl=2 l= 9 cons: SEQUENCE
  192:d=5 hl=2 l= 3 prim: OBJECT :countryName
  197:d=5 hl=2 l= 2 prim: PRINTABLESTRING : ...
  201:d=4 hl=2 l= 15 cons: SEQUENCE
  203:d=5 hl=2 l= 3 prim: OBJECT :organizationName
  208:d=5 hl=2 l= 8 prim: UTF8STRING : ...
  218:d=4 hl=2 l= 22 cons: SEQUENCE
  220:d=5 hl=2 l= 10 prim: OBJECT :domainComponent
  232:d=5 hl=2 l= 8 prim: IA5STRING : ...
  242:d=4 hl=2 l= 26 cons: SEQUENCE
  244:d=5 hl=2 l= 3 prim: OBJECT :commonName
  249:d=5 hl=2 l= 19 prim: UTF8STRING : ...
  270:d=4 hl=2 l= 29 cons: SEQUENCE
  272:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
  277:d=5 hl=2 l= 22 prim: UTF8STRING : ...

[1] https://tools.ietf.org/html/rfc5280#section-4.1
[2] https://src.chromium.org/svn/trunk/src/net/data/ssl/scripts/ee.cnf
[3] https://tools.ietf.org/html/rfc5280#section-

Evgeny Kotkov

Received on 2015-01-29 03:49:26 CET

This is an archived mail posted to the Subversion Dev mailing list.