New issue
Advanced search Search tips

Issue 733403 link

Starred by 3 users
Status: Fixed
Owner:
eroman@chromium.org
Closed: May 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

[pki library] Special case Netscape Server Gated Crypto when processing EKU

Project Member Reported by eroman@chromium.org, Jun 14 2017 
The CT logs detail a number of unexpired certificate chains where Netscape Server Gated Crypto (2.16.840.1.113730.4.1) appears in an intermediate, however the end-entity asserts TLS Server Auth instead.

These paths do not currently validate with net::PathBuilder, since we enable EKU matching on intermediates (  issue 63442  ).

By comparison, Firefox considers Netscape SGC as equivalent to serverAuth when checking intermediates (https://bugzilla.mozilla.org/show_bug.cgi?id=982292) and hence permits such mismatches.

Relatedly, there is Microsoft Server Gated Crypto (1.3.6.1.4.1.311.10.3.3). Doesn't look like Firefox special cases this, however Chrome processes it in some places (i.e. X509Util.java considers it equivalent to TLS Server Auth, and cert_verify_proc_win.cc requests it during path building).

I suspect all the affected certs having Netscape SGC are using weak signatures (SHA1). If that is the case, we could limit this compatibility hack to SHA1 chains.

Comment 1 by eroman@chromium.org, Jul 29 2017

Description: Show this description
Project Member

Comment 2 by bugdroid1@chromium.org, Aug 1 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc

commit c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc
Author: Eric Roman <eroman@chromium.org>
Date: Tue Aug 01 22:55:30 2017

Emit a warning when NS Server Gated Crypto is used in place of server auth in a certificate chain.

Netscape Server Gated Crypto (2.16.840.1.113730.4.1) is a deprecated
mechanism that is still in use by some unexpired (intermediate)
certificates. It is not part of the RFC 5280 profile for internet PKI.

This change adds a warning for the chain(s) in the certificate that are relying on nsSGC in place of server auth.

Bug:  733403 
Change-Id: I2994f7f5e2981eecf24bb9839e266d4292cad7f8
Reviewed-on: https://chromium-review.googlesource.com/593207
Reviewed-by: Matt Mueller <mattm@chromium.org>
Commit-Queue: Eric Roman <eroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491141}
[modify] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/BUILD.gn
[modify] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/cert/internal/common_cert_errors.cc
[modify] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/cert/internal/common_cert_errors.h
[modify] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/cert/internal/extended_key_usage.cc
[modify] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/cert/internal/extended_key_usage.h
[modify] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/cert/internal/verify_certificate_chain.cc
[modify] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/cert/internal/verify_certificate_chain_typed_unittest.h
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/generate-chains.py
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate.key
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Intermediate_1.key
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root.key
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Root_1.key
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target.key
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/keys/Target_1.key
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-chain.pem
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-any.test
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth.test
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth.test
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-chain.pem
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-any.test
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth.test
[add] https://crrev.com/c8c2d6a74bae4340f86e3c8889aeb04fdc9b6bfc/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth.test

Comment 3 by eroman@chromium.org, Apr 11 2018

Status: WontFix (was: Assigned)
All of the public certificate chains (logged to CT) that rely on  Netscape Server Gated Crypto are either:

  (a) Expired
  (b) Using a weak signature algorithm (SHA-1)

And there are only 2,754 such unexpired leaf certificates.

So modeling as a failure when doing tlsServerAuth should be sufficient.

A compatibility hack for NSSGC would probably only be relevant when sha1_local_anchors_enabled=true.

Comment 4 by eroman@chromium.org, May 16 2018

Labels: -Pri-3 Pri-2
Status: Assigned (was: WontFix)
Proposing a slight change to the policy (https://chromium-review.googlesource.com/c/chromium/src/+/1062594).

This has the advantage of matching the error from platform verifier, which is important while comparing results for equivalence.
Project Member

Comment 5 by bugdroid1@chromium.org, May 17 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a72056e268a20a573dfc4f952ed5e93d8950aa6d

commit a72056e268a20a573dfc4f952ed5e93d8950aa6d
Author: Eric Roman <eroman@chromium.org>
Date: Thu May 17 18:25:33 2018

Allow Netscape Server Gated Crypto for legacy intermediate certificates.

This doesn't change which chains the builtin cert verifier accepts in practice, however it does change the error with which it fails.

Now it rejects the chain due to the weak signature algorithm rather than the missing serverAuth EKU.

Bug:  733403 
Change-Id: I02f4afaa7479a91e027defd0854774e2c1eba1eb
Reviewed-on: https://chromium-review.googlesource.com/1062594
Commit-Queue: Eric Roman <eroman@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559615}
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/cert/cert_verify_proc_unittest.cc
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/cert/internal/verify_certificate_chain.cc
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/generate-chains.py
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-chain.pem
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-any.test
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-clientAuth.test
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha1-eku-serverAuth.test
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-chain.pem
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-any.test
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-clientAuth.test
[modify] https://crrev.com/a72056e268a20a573dfc4f952ed5e93d8950aa6d/net/data/verify_certificate_chain_unittest/intermediate-eku-server-gated-crypto/sha256-eku-serverAuth.test

Comment 6 by eroman@chromium.org, May 17 2018

Status: Fixed (was: Assigned)

Sign in to add a comment