[erlang-patches] ssl: bug fix: verify cert signature against original cert DER

Matthew Campbell mcampbell@REDACTED
Tue Feb 9 18:14:51 CET 2016


Our Erlang/OTP program calls out to a third-party web service over HTTPS. That web server's certificate includes the `id-ce-keyUsage` extension with typical values for a web server: `digitalSignature` and `keyEncipherment`. However, the bit string representation for this value is encoded in a nonstandard way:

    733:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
    738:d=5  hl=2 l=   1 prim: BOOLEAN           :255
    741:d=5  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030200A0

The `00` byte indicates zero unused bits in the bit-string. Standard encoding has `05` instead, since only bits 1 and 3 are set, leaving 5 trailing zero bits.

This certificate parses just fine in OTP, but because it does not include the necessary fields in its `id-ce-authorityKeyIdentifier` extension, the issuer must be looked up in the CertDB. Because OTP encodes the key usages according to standard as hex `030205A0`, the process of re-encoding the certificate when searching for the issuer in the CertDB causes signature verification to fail erroneously, causing our program's client to fail validation of the server's certificate with the alert `unknown_ca`.

My patch provided the original binary DER to the `pkix_verify` function used during the fold over the CertDB, avoiding false negatives due to differences between DER encoding implementations of OTP and other platforms. PR submitted at https://github.com/erlang/otp/pull/958

    git fetch git://github.com/xenolinguist/otp.git mc/ssl_patch

https://github.com/erlang/otp/compare/maint...xenolinguist:mc/ssl_patch
https://github.com/erlang/otp/compare/maint...xenolinguist:mc/ssl_patch.patch
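
The encoding mismatch described in the message above, as an added example that is not part of the original message or of the OTP patch: it takes the on-wire BIT STRING `030200A0`, re-encodes it the way a strict DER encoder does for a named bit list (trailing zero bits dropped), and shows that a digest over the re-encoded bytes no longer matches a digest over the original bytes. The function names are hypothetical, SHA-256 and the bare extension value stand in for the real signature digest and the full signed certificate body, and only short-form lengths are handled.

```python
import hashlib

def parse_bit_string(tlv: bytes):
    """Parse a short-form BIT STRING TLV; return (unused_bits, payload)."""
    if len(tlv) < 3 or tlv[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = tlv[1]
    if length & 0x80 or length != len(tlv) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, payload = tlv[2], tlv[3:]
    if unused > 7 or (unused and not payload):
        raise ValueError("invalid unused-bits count")
    return unused, payload

def canonical_named_bits(tlv: bytes) -> bytes:
    """Re-encode as strict DER does for a named bit list: strip trailing zero bits."""
    unused, payload = parse_bit_string(tlv)
    nbits = len(payload) * 8 - unused
    value = int.from_bytes(payload, "big") >> unused
    while nbits and value & 1 == 0:      # drop trailing zero bits
        value >>= 1
        nbits -= 1
    pad = -nbits % 8                     # new unused-bits count
    body = (value << pad).to_bytes((nbits + pad) // 8, "big")
    return bytes([0x03, len(body) + 1, pad]) + body

def is_canonical(tlv: bytes) -> bool:
    """True when decode-then-encode would reproduce the same bytes."""
    return canonical_named_bits(tlv) == tlv

def signed_digest(bit_string_tlv: bytes) -> str:
    """Digest over a constructed stand-in for the signed bytes:
    just the keyUsage extnValue OCTET STRING wrapping the BIT STRING."""
    extn_value = bytes([0x04, len(bit_string_tlv)]) + bit_string_tlv
    return hashlib.sha256(extn_value).hexdigest()

# Values quoted in the message: as received, and as a strict encoder writes it.
ON_WIRE = bytes.fromhex("030200A0")
REENCODED = canonical_named_bits(ON_WIRE)

if __name__ == "__main__":
    print("on wire   :", ON_WIRE.hex(), "canonical?", is_canonical(ON_WIRE))
    print("re-encoded:", REENCODED.hex(), "canonical?", is_canonical(REENCODED))
    # The signer hashed the on-wire bytes, so a verifier that hashes the
    # re-encoded form compares against a different digest and rejects.
    print("digests match:", signed_digest(ON_WIRE) == signed_digest(REENCODED))
```

Running `is_canonical` over the extension values of a peer's certificate is a quick way to tell whether a decode-and-re-encode step could change the bytes a signature was computed over.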



