Perform DANE-EE(3) name checks by default

In light of potential UKS (unknown key share) attacks on some applications, primarily browsers, despite RFC761, name checks are by default applied with DANE-EE(3) TLSA records. Applications for which UKS is not a problem can optionally disable DANE-EE(3) name checks via the new SSL_CTX_dane_set_flags() and friends. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-07-10 20:36:02 -0400
committer: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-07-12 10:16:34 -0400
commit: 5ae4ceb92c2ae6c677b1de2c477dce71a4d94716 (patch)
tree: e3df5a313a7e45524115e1cca438256f0405bd6a /crypto/x509
parent: d83b7e1a580b2f68a041d178e91e9495ec95e383 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 469a0a8693..ee1c9af977 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2765,6 +2765,10 @@ static int dane_verify(X509_STORE_CTX *ctx)
         /* Callback invoked as needed */
         if (!check_leaf_suiteb(ctx, cert))
             return 0;
+        /* Callback invoked as needed */
+        if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 &&
+            !check_id(ctx))
+            return 0;
         /* Bypass internal_verify(), issue depth 0 success callback */
         ctx->error_depth = 0;
         ctx->current_cert = cert;
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-07-10 20:36:02 -0400
committer	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-07-12 10:16:34 -0400
commit	5ae4ceb92c2ae6c677b1de2c477dce71a4d94716 (patch)
tree	e3df5a313a7e45524115e1cca438256f0405bd6a /crypto/x509
parent	d83b7e1a580b2f68a041d178e91e9495ec95e383 (diff)