Re: BUG #4340: SECURITY: Is SSL Doing Anything?

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Dan Kaminsky <dan(at)doxpara(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Gregory Stark <stark(at)enterprisedb(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date: 2008-08-19 18:12:47
Message-ID: 48AB0D1F.80900@hagander.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Dan Kaminsky wrote:
>
>
> Tom Lane wrote:
>> Dan Kaminsky <dan(at)doxpara(dot)com> writes:
>>
>>> My question has been: When you attempt to create an SSL connection
>>> to database.backend.com, do you actually validate that:
>>>
>>
>>
>>> 1) The subject name of the certificate you're connecting to is
>>> database.backend.com, and
>>> 2) At least the basic checks (expiration, chaining back to a valid
>>> root) occur?
>>>
>>
>> [ shrug... ] We do whatever OpenSSL's default validation behavior is.
>> If that's inadequate you probably ought to be taking it up with them,
>> instead of trying to get downstream projects to fix it one at a time.
>>
>> regards, tom lane
>>
> Heh, you're the one making guarantees to your users. I'm just asking
> the exact nature of those guarantees. I agree that #2 is entirely under
> the control of OpenSSL -- but I'd like to know if #1 is being satisfied,
> i.e. OpenSSL knows you're looking to validate database.backend.com as
> opposed to "some cert that chains back", which is a worthless security
> assertion.

We do not validate the name. It is stated in a comment at the top of
f-secure.h that we do, but the code is all behind #ifdef NOT_USED. It
would probably not be a bad idea to have that check enabled by default,
but a way to turn it off.

(I don't believe OpenSSL does this verification either, because AFAICS
OpenSSL only ever sees the IP address of the server, and not the FQDN)

We do, however, return the peer certificate information to the libpq
client, that can verify this if it's considered necessary by the
*application*.

That said, claiming that the check of the chain up to a root certificate
is wortheless is very far from correct. Used the proper way, and the
way I most often see it deployed with PostgreSQL, makes it very worthy.
Because people normally either bundle the server certificate itself with
the application, in which case it will only ever connect to that server
(self-signed cert). Or they have a dedicated CA for this purpose. Is it
perfect? Far from. But it's certainly not worthless.

//Magnus

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Alexander Kirpa 2008-08-19 18:14:25 BUG #4364: type of "new.id" does not match that when preparing the plan
Previous Message Dan Kaminsky 2008-08-19 17:04:15 Re: BUG #4340: SECURITY: Is SSL Doing Anything?