[precise] freerdp does not check the server's hostname when verifying ssl certificates
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
freerdp (Ubuntu) | Fix Released | High | Unassigned | |
Precise | Fix Released | High | Unassigned | |
Bug Description
freerdp in 1.0 added a lot of SSL/X509 certification verification, which is excellent. However, x509_verify_cert() in libfreerdp-
tls_verify_
As freerdp 1.0 is new and I don't think anyone has released with it yet, I am not going to issue a CVE at this time. This fix should also be coordinated with Debian unstable since they also have 1.0.
People interested in fixing this might want to consult http://
visibility: | private → public |
description: | updated |
summary: |
- freerdp does not check the CommonName when verifying ssl certificates
+ freerdp does not check the server's hostname when verifying ssl certificates |
Changed in freerdp (Ubuntu): | |
importance: | Undecided → High |
summary: |
- freerdp does not check the server's hostname when verifying ssl certificates
+ [precise] freerdp does not check the server's hostname when verifying ssl certificates |
description: | updated |
Hi,
I just worked on refactoring, simplifying and cleaning up the certificate validation code. It's now much easier to read but it's not fixed with regard to this bug report.
tls_verify_certificate() first uses x509_verify_certificate() to attempt to validate the certificate using OpenSSL and ~/.freerdp/certs as a lookup path. My understanding is that one can add trusted CAs in ~/.freerdp/certs and have that be used with this first technique. Would that be what the first issue was about?
If x509_verify_certificate() fails, we resort to using our equivalent of ssh's known_hosts file. A check is made with the hostname that was given and the fingerprint of the certificate. If they don't match, certificate validation fails. The user can manually accept untrusted certificates for later, as with SSH.
Now when working on this, I noticed that SSH had two different error messages, one for the fingerprint mismatch, and one for the hostname mismatch. I think this is what you are looking for if I understood you correctly.
SSH will show something like this when the hostname does not match:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
I can work on adding an additional hostname checking function besides the fingerprint check. I'd just like to make sure:
if I connect to, let's say, freerdp.com using its IP address (173.236.214.234) I'll get a hostname of 173.236.214.234, not freerdp.com. In this case, how do I properly check that hostnames match? The certificate will probably give me a different hostname than the one which was used for connection.
Also, I guess that the known hosts should always store the hostname from the certificate, and not the one given by the user?
Should the IP address be used in this verification process in any way?
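The hostname check this report asks for, together with the IP-address case raised in the comment above, as an added example that is not FreeRDP's code. It goes beyond the page by applying the general RFC 6125-style rule: compare the name the user asked for against the names in the certificate, and let an IP literal match only an IP address entry. The function names and the pre-extracted `dns_names` / `ip_names` arrays are assumptions; a real client would fill them from the certificate before calling.

```c
/* Added example, not FreeRDP code: match the host the user typed against
 * names taken from a certificate (RFC 6125-style rules). */
#include <ctype.h>
#include <string.h>
#include <strings.h>

/* Crude IP literal test: IPv6 has ':', IPv4 is only digits and dots. */
static int is_ip_literal(const char *h)
{
    if (strchr(h, ':')) return 1;
    if (*h == '\0') return 0;
    for (; *h; h++)
        if (!isdigit((unsigned char)*h) && *h != '.') return 0;
    return 1;
}

/* One DNS name from the certificate against the requested host.
 * "*" is honoured only as the entire leftmost label and covers one label. */
static int dns_name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *rest = strchr(host, '.');
        /* need a non-empty first label and at least two labels after '*' */
        if (!rest || rest == host || !strchr(pattern + 2, '.')) return 0;
        return strcasecmp(pattern + 1, rest) == 0;
    }
    if (strchr(pattern, '*')) return 0;   /* no partial-label wildcards */
    return strcasecmp(pattern, host) == 0;
}

/* host: what the user asked to connect to (never a reverse-DNS result).
 * dns_names / ip_names: hypothetical arrays already extracted from the
 * certificate; IPs are assumed to be in the same text form as host.
 * Returns 1 on match, 0 otherwise. */
int cert_matches_host(const char *host,
                      const char *const *dns_names, size_t n_dns,
                      const char *const *ip_names, size_t n_ip)
{
    size_t i;
    if (is_ip_literal(host)) {
        for (i = 0; i < n_ip; i++)        /* exact match, no wildcards */
            if (strcmp(ip_names[i], host) == 0) return 1;
        return 0;                         /* DNS names never vouch for an IP */
    }
    for (i = 0; i < n_dns; i++)
        if (dns_name_matches(dns_names[i], host)) return 1;
    return 0;
}
```

With this rule, connecting to 173.236.214.234 against a certificate that only names freerdp.com is a mismatch, which is the point at which a known-hosts style prompt or a hard failure applies.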