Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix evil twin bug #54

Merged
merged 20 commits into from
Jun 13, 2016
Merged

fix evil twin bug #54

merged 20 commits into from
Jun 13, 2016

Conversation

rhansen
Copy link
Member

@rhansen rhansen commented Jun 13, 2016

See issue #29

rhansen added 20 commits June 5, 2016 04:40
@rhansen
perform cleanup in a single place
0beeb34
@rhansen
delete unnecessary cast
c6c4d1f
@rhansen
eliminate verify_cert()'s chainOK parameter
ea585d6 
Before, if there was no path to a trust anchor, verify_cert() set
*chainOK to false but returned success.  Now, verify_cert() simply
returns ERR_SCM_NOTVALID and there is no chainOK parameter.

An evil twin can make it appear as if there is a path to a trust
anchor, so there's no substantial difference between a certificate
without a path to a trust anchor and an invalid certificate with a
path to a trust anchor.
@rhansen
rename isRoot to already_verified
cc03487 
isRoot==1 implies that the cert is a trust anchor, which is not how
this variable is used.  Rename isRoot to already_verified to match its
actual semantics a bit better.
@rhansen
eliminate unnecessary variable usage
01f2969 
This makes it easier to follow the code.
@rhansen
rename 'x' parameter to 'cert'
e9b256d
@rhansen
rename 'uchain' to 'intermediate_path'
3da19a2 
for clarity
@rhansen
delete unused 'e' parameter
a53cfa8
@rhansen
rename ctx and cert_ctx to cert_store to reduce confusion
07212ec
@rhansen
rename csc to ctx to reduce confusion
906f2cf
@rhansen
rename 'i' to 'ret' to reduce confusion
e172b19 
and defer its declaration to discourage misuse
@rhansen
fix X509_verify_cert() return value check
321b7aa 
The OpenSSL docs say that X509_verify_cert() might return a negative
error code and recomments applications check for <= 0 when testing for
success.
@rhansen
move X509_STORE creation to checkit()
780d292 
This will make it easier to edit verify_cert() to fix the evil twin
bug.
@rhansen
require tchain to be non-NULL
7b8c335
@rhansen
rename tchain to sk_trusted
c1ccf0a 
to match verify_cert()
@rhansen
move trusted cert stack creation to checkit()
a1ad92d 
This will make it easier to edit verify_cert() to fix the evil twin
bug.
@rhansen
add a new error code that means "stop iteration"
bf6f170
@rhansen
define a new find_cert_paths() function
443ded4 
Given a starting SKI and subject, this function finds all
certification paths up to a trust anchor.  For each path it finds it
calls a callback to perform validation (or some other task).
@rhansen
use find_cert_paths() to help verify certificates
72a0f28 
find_cert_paths() walks all certification paths, so this change fixes
the evil twin bug.
@rhansen
document verify_cert() parameters and return value
09697f0
@rhansen rhansen self-assigned this Jun 13, 2016
rhansen added a commit to rhansen/rpstir that referenced this pull request Jun 13, 2016
@rhansen
Merge pull request bgpsecurity#54 from t.29.evil-twin
974174c
@rhansen rhansen merged commit 09697f0 into master Jun 13, 2016
@rhansen rhansen deleted the t.29.evil-twin branch June 13, 2016 23:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rhansen rhansen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rhansen