Re: CVE request: hs-tls: Basic constraints vulnerability

[Florian Weimer <fweimer () redhat com>]

On 01/20/2013 01:32 PM, Salvatore Bonaccorso wrote:

> For hs-tls (TLS/SSL implementation in haskell) it was announced the following
> advisory[0]:
>
> ----cut---------cut---------cut---------cut---------cut---------cut-----
> Hi cafe,
>
> this is a security advisory for tls-extra < 0.6.1 which are all vulnerable to bad
> certificate validation.
>
> Some part of the certificate validation procedure were missing (relying on the
> work-in-progress x509 v3 extensions), and because of this anyone with a correct
> end-entity certificate can issue certificate for any arbitrary domain, i.e.
> acting as a CA.
>
> This problem has been fixed in tls-extra 0.6.1, and I advise everyone to upgrade as
> soon as possible.
>
> Despite a very serious flaw in the certificate validation, I'm happy that the
> code is seeing some audits, and would want to thanks Ertugrul Söylemez for the
> findings [1].
>
> [1] https://github.com/vincenthz/hs-tls/issues/29
> ----cut---------cut---------cut---------cut---------cut---------cut-----

I believe an alternative description of the impact is: hs-tls-extras 
does not check the Basic Constraints attribute of a certificate in 
certificate chain procession, and any certificate is treated as a CA 
certificate, which means that anyone who has a valid certificate can use 
it to sign another one (with an arbitrary subject DN/domain name 
embedded into it) and have it accepted by hs-tls.  This eventually 
allows MITM attacks on TLS connections.

Kurt, is this more to your liking? 8-)

--
Florian Weimer / Red Hat Product Security Team