[Openswan dev] Re: [Fwd: [debian-openswan] openswan rejects x509 certificate, then establishes ISAKMP SA]

Rene Mayrhofer rene.mayrhofer at gibraltar.at
Tue Jul 6 09:41:50 CEST 2004


Hi Andreas,

First of all, thanks for clarifying that issue.

Andreas Steffen wrote:
> I fixed the first vulnerability discovered by Thomas Walpuski with
> an if statement effectively barring self-signed certificates
> (or to be more precise, certs having identical subject and issuer DNs).
> The resulting error message was
> 
>  end certificate with identical subject and issuer not accepted
Yes, that's what I expected to be the case.

> Actually it *is* a security risk to accept such certs over the IKE channel.
> Self-signed certs should only be allowed to be loaded locally using 
> rightcert=
> where verify_x509cert() is not called. This is the reason why the
> connection comes up successfully even though the transmitted cert is
> rejected.
I see. Yes, they are loaded with *cert=. However, the error message is 
greatly misleading in such a case....

> During the night after Thomas Walpuski's email I dreamed of a second
> vulnerability which could lead to an endless loop and fixed it by
> introducing a pathlen counter and restricting the maximum trust chain
> length. I then replaced the check for a "self-signed" cert in front
> of the loop by an additional terminating condition that the verify
> loop can only be left successfully if pathlen > 0, i.e. self-signed
> certs must make another iteration where the same self-signed cert
> would have to be present in /etc/cacerts in order to be accepted
> (this is actually the same behaviour as before but fixing the first 
> vulnerability). If the self-signed cert is not in /etc/ipsec.d/cacerts
> then the loop will be exited with the classic
>
>   issuer cacert not found
I noticed this loop-fix when I backported it (senselessly :) ) to 
freeswan 1.96.

> It now seems that openswan has kept both versions of my fixes whereas
> strongswan-2.1.3 has only the second improved one.
Then openswan seems to need the first patch removed again, at least 
2.1.3 which is the version in question. I'll also need to update the 
freeswan version in Debian unstable ASAP, since it also needs to be 
changed to the second fix.

with best regards,
Rene
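The verify loop Andreas describes above, reduced to its control flow as an added illustration (this is not openswan or strongswan code). Certificates are constructed name-only records, the signature check is stood in for by matching a certificate's issuer DN against a trust-store subject DN, and the chain bound MAX_CA_PATH_LEN is an assumed value since the mail gives no number. It shows the two points of the fix: a self-signed end certificate is only accepted after one more iteration finds the same certificate in the trust store (otherwise "issuer cacert not found"), and a chain that never reaches a root, such as two CAs that each vouch for the other, is cut off by the path length bound instead of looping forever.

```python
from dataclasses import dataclass

# Assumed bound on the number of CA hops; the mail names no specific value.
MAX_CA_PATH_LEN = 7


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 cert: only the two DNs matter here."""
    subject: str
    issuer: str


def is_self_signed(cert: Cert) -> bool:
    # The mail's definition: identical subject and issuer DNs.
    return cert.subject == cert.issuer


def verify_chain(end_cert: Cert, cacerts, max_path_len: int = MAX_CA_PATH_LEN,
                 require_root_from_store: bool = True):
    """Walk from end_cert towards a root held in cacerts.

    Returns (accepted, reason, pathlen).  With require_root_from_store=True
    (the fixed behaviour) a self-signed cert is only trusted once it has been
    found in cacerts, i.e. when pathlen > 0.  Setting it to False reproduces
    the pre-fix shortcut that trusted a self-signed end cert immediately.
    """
    by_subject = {c.subject: c for c in cacerts}
    cert = end_cert
    pathlen = 0
    while pathlen <= max_path_len:
        # Terminating condition of the fixed loop: a self-signed cert is a
        # trust anchor only if it came out of the trust store on an earlier hop.
        if is_self_signed(cert) and (pathlen > 0 or not require_root_from_store):
            return True, "trusted root reached", pathlen
        issuer = by_subject.get(cert.issuer)
        if issuer is None:
            return False, "issuer cacert not found", pathlen
        # Constructed stand-in for the signature check: real code verifies the
        # end cert's signature with the issuer's public key here.
        cert = issuer
        pathlen += 1
    # Bound hit without reaching a root: this is the endless-loop case.
    return False, "maximum trust chain length exceeded", pathlen


if __name__ == "__main__":
    root = Cert("CN=Root CA", "CN=Root CA")
    inter = Cert("CN=Intermediate", "CN=Root CA")
    leaf = Cert("CN=gateway", "CN=Intermediate")
    selfsigned = Cert("CN=peer", "CN=peer")
    ca_a = Cert("CN=A", "CN=B")   # A and B vouch for each other: a cycle
    ca_b = Cert("CN=B", "CN=A")
    print(verify_chain(leaf, [root, inter]))
    print(verify_chain(selfsigned, [root]))
    print(verify_chain(selfsigned, [root, selfsigned]))
    print(verify_chain(Cert("CN=x", "CN=A"), [ca_a, ca_b]))
```

The cycle case is the one worth keeping in mind when reviewing any chain-walking code: without an explicit bound the loop's only exit is a failed lookup, and a trust store that happens to contain a cycle (or a malformed chain crafted to produce one) removes that exit.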

