PATCH: possible bug in OCSP check
Ricardo Martin Camarero
ricardo_martin_camarero at yahoo.es
Wed May 29 08:22:05 UTC 2013
Hi Xuelei,
I suppose my company had, cos I also work for Oracle. :-)
But I'm not related with openjdk and this issue was discovered outside
my work (I was asked by an ex-colleague about the ocsp responder I
commented previously).
Regards!
On 05/29/2013 03:16 AM, Xuelei Fan wrote:
> Hi Ricardo,
>
> Have you or your organization signed the signed the Oracle Contributor
> Agreement (OCA) per the request of OpenJDK bylaws?
>
> http://openjdk.java.net/bylaws#_2
>
> Thanks,
> Xuelei
>
> On 5/24/2013 5:31 PM, Ricardo Martin Camarero wrote:
>> Hi everybody,
>>
>> I have been struggling for some months with a weird issue about how Java
>> validates OCSP responses. Following the RFC2560 standard the responses
>> sent by the responder should be signed following one of these three
>> possibilities:
>>
>>> All definitive response messages SHALL be digitally signed. The key
>>> used to sign the response MUST belong to one of the following:
>>>
>>> -- the CA who issued the certificate in question
>>> -- a Trusted Responder whose public key is trusted by the requester
>>> -- a CA Designated Responder (Authorized Responder) who holds a
>>> specially marked certificate issued directly by the CA, indicating
>>> that the responder may issue OCSP responses for that CA
>> In current java implementation (openjdk 6, 7 and 8) the case (1) and (3)
>> are considered by default and case (2) can be configured using some
>> properties ("ocsp.responderCertSubjectName" for example). But the
>> problem is that both configurations are exclusive, if your application
>> accepts responses for the cases (1) and (3) it fails with the case (2)
>> and vice-versa.
>>
>> I faced an OCSP responder that in some cases it answered using the case
>> (1) and in others using the case (2). The case (1) was used to sign
>> responses for their own certificates and the case (2) was used to sign
>> responses for foreign certificates (spanish national id certificates
>> specifically). I'm not completely sure if the standard admits this
>> situation but I haven't read anything against that. Besides why not to
>> take the configured certificate ("ocsp.responderCertSubjectName" or any
>> of the other properties) as a failback and not as the unique valid signer.
>>
>> Looking at the code the problem is that only one certificate is passed
>> as the valid signer for responses (the one configured via properties or
>> the issuer cert). Following Andrew advise I have made a little patch
>> against current openjdk-8 that just considers both of them (OCSPResponse
>> class receives both certs and this way can check the three cases).
>>
>> Thanks in advance!
>>
More information about the security-dev
mailing list