[haiku-commits] haiku: hrev53396 - src/kits/network/libnetapi

  • From: waddlesplash <waddlesplash@xxxxxxxxx>
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Fri, 23 Aug 2019 17:56:56 -0400 (EDT)

hrev53396 adds 2 changesets to branch 'master'
old head: 759ee24c4c1722813609c3b7c77fabef275b02bf
new head: a830ec9a1c5f0e359bac214710f002f29dbd1d76
overview: 
https://git.haiku-os.org/haiku/log/?qt=range&q=a830ec9a1c5f+%5E759ee24c4c17

----------------------------------------------------------------------------

8d63a9060e66: BSecureSocket: Pass the hostname to the X509 layer to validate it.
  
  Now SSL certificates with the wrong hostname actually fail to validate.
  While I'm at it, remove the usage of BString and just check [0] directly.
  
  Spotted by a random commenter on Hacker News.

a830ec9a1c5f: BSecureSocket: Don't continue with an untrusted certificate by default.
  
  It has been multiple years since this comment was written; all relevant
  apps have added their own hooks around this, so we should now be
  "secure by default."
  
  Also spotted by a random Hacker News commenter.

                              [ Augustin Cavalier <waddlesplash@xxxxxxxxx> ]

----------------------------------------------------------------------------

1 file changed, 4 insertions(+), 9 deletions(-)
src/kits/network/libnetapi/SecureSocket.cpp | 13 ++++---------

############################################################################

Commit:      8d63a9060e66aa69c004934d5797a2a3098e9d0b
URL:         https://git.haiku-os.org/haiku/commit/?id=8d63a9060e66
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Fri Aug 23 21:50:28 2019 UTC

BSecureSocket: Pass the hostname to the X509 layer to validate it.

Now SSL certificates with the wrong hostname actually fail to validate.
While I'm at it, remove the usage of BString and just check [0] directly.

Spotted by a random commenter on Hacker News.

----------------------------------------------------------------------------

diff --git a/src/kits/network/libnetapi/SecureSocket.cpp 
b/src/kits/network/libnetapi/SecureSocket.cpp
index f1447963d2..99136c742b 100644
--- a/src/kits/network/libnetapi/SecureSocket.cpp
+++ b/src/kits/network/libnetapi/SecureSocket.cpp
@@ -589,13 +589,11 @@ BSecureSocket::_SetupCommon(const char* host)
        BIO_set_fd(fPrivate->fBIO, fSocket, BIO_NOCLOSE);
        SSL_set_bio(fPrivate->fSSL, fPrivate->fBIO, fPrivate->fBIO);
        SSL_set_ex_data(fPrivate->fSSL, Private::sDataIndex, this);
-       if (host != NULL) {
-               BString hostString = host;
-               if (hostString != "")
-                       SSL_set_tlsext_host_name(fPrivate->fSSL, host);
+       if (host != NULL && host[0] != '\0') {
+               SSL_set_tlsext_host_name(fPrivate->fSSL, host);
+               X509_VERIFY_PARAM_set1_host(SSL_get0_param(fPrivate->fSSL), 
host, 0);
        }
 
-
        return B_OK;
 }
 
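Review bot: The return values of SSL_set_tlsext_host_name and X509_VERIFY_PARAM_set1_host in the new `if` body are discarded, so _SetupCommon still returns B_OK when the verify parameter could not be set, and the handshake would then run without the hostname check this change is meant to add. X509_VERIFY_PARAM_set1_host returns 1 on success and 0 on failure; consider checking it and returning an error rather than falling through to `return B_OK;`. It is also worth a comment that when host is NULL or empty the branch is skipped entirely, so no name is bound to the verification for that connection.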

############################################################################

Revision:    hrev53396
Commit:      a830ec9a1c5f0e359bac214710f002f29dbd1d76
URL:         https://git.haiku-os.org/haiku/commit/?id=a830ec9a1c5f
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Fri Aug 23 21:56:09 2019 UTC

BSecureSocket: Don't continue with an untrusted certificate by default.

It has been multiple years since this comment was written; all relevant
apps have added their own hooks around this, so we should now be
"secure by default."

Also spotted by a random Hacker News commenter.

----------------------------------------------------------------------------

diff --git a/src/kits/network/libnetapi/SecureSocket.cpp 
b/src/kits/network/libnetapi/SecureSocket.cpp
index 99136c742b..4e55e665fb 100644
--- a/src/kits/network/libnetapi/SecureSocket.cpp
+++ b/src/kits/network/libnetapi/SecureSocket.cpp
@@ -532,10 +532,7 @@ BSecureSocket::InitCheck()
 bool
 BSecureSocket::CertificateVerificationFailed(BCertificate&, const char*)
 {
-       // Until apps actually make use of the certificate API, let's keep the 
old
-       // behavior and accept all connections, even if the certificate 
validation
-       // didn't work.
-       return true;
+       return false;
 }
 
 
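Review bot: The bare `return false;` in CertificateVerificationFailed drops the only comment that explained the default, and nothing replaces it. Suggest a one-line comment stating that the default now rejects a connection whose certificate failed validation and that an app wanting different behaviour has to supply its own hook, since any caller that relied on the old accept-all return will start seeing connections fail.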

