Closed ruanlinqi closed 7 years ago
I would like to fix it, but the problem is that just switching to SSL_VERIFY_PEER is not enough. I need some way to access the hostname from tls_new().
I have the following snippet I coded for fdm:
char *hostname = ???;
X509_VERIFY_PARAM *param = SSL_get0_param(tls->ssl);
/*
* Allow only complete wildcards. RFC 6125 discourages wildcard usage
* completely, and lists internationalized domain names as a reason
* against partial wildcards.
* See https://tools.ietf.org/html/rfc6125#section-7.2 for more information.
*/
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
X509_VERIFY_PARAM_set1_host(param, hostname, 0);
@labdsf, libstrophe doesn't export the tls API, so you can change it. Just make sure your changes are reflected in all tls implementations (src/tls_xxx.c). Also keep the interface tidy.
Hi developers: Recently we performed a large-scale security static analysis on several open source projects and found some mistakes in libstrophe-0.8.8. In src/tls_openssl.c:68:
tls_t *tls_new(xmpp_ctx_t *ctx, sock_t sock) {
    tls_t *tls = xmpp_alloc(ctx, sizeof(*tls));
    [..]
}
The parameter SSL_VERIFY_NONE here cannot configure this built-in certificate validation, so the handshake can continue even if the cert is invalid. We recommend you use SSL_VERIFY_PEER to guarantee the security. We have sent the bug report to Ubuntu Launchpad and also inform you of this news. Here is the link: https://bugs.launchpad.net/ubuntu/+source/libstrophe/+bug/1677511