diff options
author | David Benjamin <davidben@google.com> | 2017-02-05 16:24:49 -0500 |
---|---|---|
committer | David Benjamin <davidben@google.com> | 2017-02-05 16:41:08 -0500 |
commit | c339766a51d2db711171cb704e30b7ae916a987f (patch) | |
tree | a943be297395d2202aa7ad29d2824078354bb9b1 /TODO | |
parent | 58e367fd6501efc2f11adb0b44f1c7cde9b39c2a (diff) | |
download | tlsdate-master.tar.gz |
Do not depend on internals of the SSL state machine.HEADandroid-n-mr2-preview-2android-n-iot-release-smart-display-r2android-n-iot-release-smart-displayandroid-n-iot-release-polk-at1android-n-iot-release-lg-thinq-wk7android-n-iot-release-ihome-igv1android-n-iot-preview-4nougat-iot-releasen-iot-preview-4mastermain
tlsdate has a "time_is_an_illusion" parameter which uses the server's
reported time (within some bounds) to check the certificate against. It
does this by configuring the time on the SSL's X509_VERIFY_PARAM when
one of the SSL3_ST_CR_SRVR_HELLO_A and SSL3_ST_CR_SRVR_HELLO_B states
passes.
In addition to depending on quirks of the OpenSSL state machine which
BoringSSL would otherwise need to emulate, this code is wrong. It needs
to run at a point after the server_random is filled in. In the original
OpenSSL code, SSL3_ST_CR_SRVR_HELLO_A is when the message header is
read, so this is too early. The _B also wouldn't work in a non-blocking
socket because state mcahine might pause halfway through reading the
body. This probably only worked because it only uses blocking BIOs.
This also depends on OpenSSL's info_callback hacking the state
transitions so SSL_state returned the previous state during the
callback.
Rather than ossify all these bugs, use SSL_CTX_set_cert_verify_callback.
This overrides OpenSSL's call to X509_verify_cert. By looking up the
server random immediately before verification, we are guaranteed
server_random is filled in. At this point we also have an X509_STORE_CTX
available, so we may set the time on it directly.
Change-Id: I0a830984539d7e9e53c78891dea07f27f71edcbf
Test: mma
Diffstat (limited to 'TODO')
0 files changed, 0 insertions, 0 deletions