verify_cert_dns_name appears only to work against subjectAltName

[ctz]

I have the following cert:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 456 (0x1c8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ponytown level 2 intermediate
        Validity
            Not Before: May 20 21:59:24 2016 GMT
            Not After : Jun 19 21:59:24 2016 GMT
        Subject: CN=testserver.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:da:99:b5:76:7b:ff:18:2f:61:02:17:62:a4:80:
                    58:21:cc:01:81:0c:71:9f:3c:08:5e:19:8a:5e:fb:
                    db:6d:66:67:34:c2:e6:b9:30:f6:b1:8d:91:87:23:
                    e1:4f:a4:76:6c:fe:89:c3:03:b6:a0:3c:f2:22:84:
                    1b:b2:2b:b4:8b:59:23:f3:23:04:19:64:fc:53:4d:
                    d2:7e:fe:f8:32:b4:68:4c:29:34:aa:0d:33:e9:87:
                    72:38:e3:80:44:90:f4:2e:0b:6f:4c:f9:9a:3b:d2:
                    76:d3:b7:69:92:e1:60:1d:2a:90:62:85:7c:e2:10:
                    3c:12:1f:b4:61:77:32:b2:d0:2b:13:b8:57:89:53:
                    2d:f2:35:75:28:32:0f:9e:1c:d4:6b:bb:86:cf:10:
                    36:eb:df:24:f7:84:fe:84:94:da:49:d7:a2:c2:2f:
                    e4:ad:37:7f:55:55:f3:80:01:95:81:be:ea:31:02:
                    9e:c5:c8:1f:a2:c8:42:39:a1:0a:a3:80:9a:46:b8:
                    ab:55:4a:9d:71:d7:b8:4a:03:f0:f7:aa:10:a2:34:
                    dc:cd:04:1f:34:57:4c:ac:b3:3b:dc:a2:1a:6b:73:
                    e7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation
            X509v3 Subject Key Identifier: 
                91:4F:84:13:A5:69:3C:3B:F0:7D:78:34:74:DC:55:F0:90:34:BF:9E
            X509v3 Authority Key Identifier: 
                keyid:EC:DA:EF:92:48:28:07:D4:E2:6C:84:E2:60:96:57:49:4F:36:A2:C4
                DirName:/CN=ponytown CA
                serial:7B

    Signature Algorithm: sha256WithRSAEncryption
         11:3b:dc:12:c9:75:ad:fa:76:38:8e:9d:5c:eb:43:2d:4d:22:
         92:45:f9:a4:be:4e:c7:b6:92:30:de:ed:ac:35:97:55:48:5a:
         c6:49:0a:90:11:e2:5a:c4:88:17:85:cd:72:6f:0e:9f:fe:79:
         11:ee:ec:ef:7f:c7:91:ec:90:d2:e0:49:94:2e:d8:95:80:b0:
         3d:22:80:fd:79:20:2c:56:44:45:99:e7:75:e0:61:81:eb:36:
         47:26:b5:61:dc:85:80:c9:79:13:b6:75:b9:44:d0:2f:f3:b5:
         8e:1e:92:d6:5a:a2:9c:bf:d5:82:5d:1a:17:b1:ac:9c:97:86:
         07:0c:b9:0f:fd:bb:3b:91:fb:9b:cf:14:43:c1:84:97:ca:67:
         3f:d7:f8:ac:05:47:61:aa:fe:94:e8:dd:84:77:77:5e:0c:cd:
         96:37:f9:24:73:8b:2f:49:fd:82:89:a0:f0:21:02:d3:cb:95:
         8c:96:73:7c:60:c8:87:58:5f:eb:96:f1:25:d3:5c:4a:42:97:
         d3:ad:5d:2b:9b:a8:06:7c:85:93:4e:0e:9c:9a:c9:3a:99:f8:
         f0:9d:76:82:47:56:79:67:40:62:d3:65:5f:8f:de:c5:04:44:
         ab:89:d4:58:fb:38:c6:9d:63:36:c6:13:58:8e:24:f1:48:5b:
         8c:e0:89:91:ea:91:6c:af:86:4e:22:e0:49:69:37:51:9d:ac:
         36:f4:29:8d:d7:b9:32:fd:b4:73:e7:06:2d:bc:97:5d:4d:0f:
         50:20:1d:42:f5:04:a3:03:7e:0b:9e:29:c5:88:1f:c9:c9:8a:
         c1:fe:b8:50:99:4f:b4:11:50:3a:f6:d4:68:58:10:3c:72:97:
         6d:5d:67:f1:fb:64:26:36:c7:3b:f1:24:25:f1:7c:84:63:8f:
         e2:d5:bb:a5:c8:8d:17:4b:c5:22:e4:df:f4:51:47:0e:2c:a0:
         89:84:f9:22:38:4b:e3:f6:f2:d1:da:7a:f6:35:a1:35:63:2c:
         7e:d8:fb:6c:b7:ed
-----BEGIN CERTIFICATE-----
MIIDuTCCAiGgAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAwwdcG9u
eXRvd24gbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMTYwNTIwMjE1OTI0WhcNMTYw
NjE5MjE1OTI0WjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANqZtXZ7/xgvYQIXYqSAWCHMAYEMcZ88CF4Z
il77221mZzTC5rkw9rGNkYcj4U+kdmz+icMDtqA88iKEG7IrtItZI/MjBBlk/FNN
0n7++DK0aEwpNKoNM+mHcjjjgESQ9C4Lb0z5mjvSdtO3aZLhYB0qkGKFfOIQPBIf
tGF3MrLQKxO4V4lTLfI1dSgyD54c1Gu7hs8QNuvfJPeE/oSU2knXosIv5K03f1VV
84ABlYG+6jECnsXIH6LIQjmhCqOAmka4cF9lEfCAbrmnRLpaUiOOXLcmHxi/e+TC
03TjFTn4q1VKnXHXuEoD8PeqEKI03M0EHzRXTKyzO9yiGmtz52UCAwEAAaN8MHow
DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFJFPhBOlaTw78H14
NHTcVfCQNL+eMD4GA1UdIwQ3MDWAFOza75JIKAfU4myE4mCWV0lPNqLEoRqkGDAW
MRQwEgYDVQQDDAtwb255dG93biBDQYIBezANBgkqhkiG9w0BAQsFAAOCAYEAETvc
Esl1rfp2OI6dXOtDLU0ikkX5pL5Ox7aSMN7trDWXVUhaxkkKkBHiWsSIF4XNcm8O
n/55Ee7s73/HkeyQ0uBJlC7YlYCwPSKA/XkgLFZERZnndeBhges2Rya1YdyFgMl5
E7Z1uUTQL/O1jh6S1lqinL/Vgl0aF7GsnJeGBwy5D/27O5H7m88UQ8GEl8pnP9f4
rAVHYar+lOjdhHd3XgzNljf5JHOLL0n9gomg8CEC08uVjJZzfGDIh1hf65bxJdNc
SkKX061dK5uoBnyFk04OnJrJOpn48J12gkdWeWdAYtNlX4/exQREq4nUWPs4xp1j
NsYTWI4k8UhbjOCJkeqRbK+GTiLgSWk3UZ2sNvQpjde5Mv20c+cGLbyXXU0PUCAd
QvUEowN+C54pxYgfycmKwf64UJlPtBFQOvbUaFgQPHKXbV1n8ftkJjbHO/EkJfF8
hGOP4tW7pciNF0vFIuTf9FFHDiygiYT5IjhL4/by0dp69jWhNWMsftj7bLft
-----END CERTIFICATE-----

I'd expect verify_cert_dns_name to say Ok to that for the input "testserver.com", but it says CertNotValidForName.

Here's a minimal test program:

extern crate webpki;
extern crate ring;

fn main() {
  let bytes = vec![
    0x30, 0x82, 0x03, 0xb9, 0x30, 0x82, 0x02, 0x21, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x01,
    0xc8, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
    0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1d, 0x70, 0x6f, 0x6e,
    0x79, 0x74, 0x6f, 0x77, 0x6e, 0x20, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x20, 0x32, 0x20, 0x69, 0x6e,
    0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36,
    0x30, 0x35, 0x32, 0x30, 0x32, 0x31, 0x35, 0x39, 0x32, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x30,
    0x36, 0x31, 0x39, 0x32, 0x31, 0x35, 0x39, 0x32, 0x34, 0x5a, 0x30, 0x19, 0x31, 0x17, 0x30, 0x15,
    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x74, 0x65, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x65,
    0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
    0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01,
    0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x99, 0xb5, 0x76, 0x7b, 0xff, 0x18, 0x2f, 0x61, 0x02,
    0x17, 0x62, 0xa4, 0x80, 0x58, 0x21, 0xcc, 0x01, 0x81, 0x0c, 0x71, 0x9f, 0x3c, 0x08, 0x5e, 0x19,
    0x8a, 0x5e, 0xfb, 0xdb, 0x6d, 0x66, 0x67, 0x34, 0xc2, 0xe6, 0xb9, 0x30, 0xf6, 0xb1, 0x8d, 0x91,
    0x87, 0x23, 0xe1, 0x4f, 0xa4, 0x76, 0x6c, 0xfe, 0x89, 0xc3, 0x03, 0xb6, 0xa0, 0x3c, 0xf2, 0x22,
    0x84, 0x1b, 0xb2, 0x2b, 0xb4, 0x8b, 0x59, 0x23, 0xf3, 0x23, 0x04, 0x19, 0x64, 0xfc, 0x53, 0x4d,
    0xd2, 0x7e, 0xfe, 0xf8, 0x32, 0xb4, 0x68, 0x4c, 0x29, 0x34, 0xaa, 0x0d, 0x33, 0xe9, 0x87, 0x72,
    0x38, 0xe3, 0x80, 0x44, 0x90, 0xf4, 0x2e, 0x0b, 0x6f, 0x4c, 0xf9, 0x9a, 0x3b, 0xd2, 0x76, 0xd3,
    0xb7, 0x69, 0x92, 0xe1, 0x60, 0x1d, 0x2a, 0x90, 0x62, 0x85, 0x7c, 0xe2, 0x10, 0x3c, 0x12, 0x1f,
    0xb4, 0x61, 0x77, 0x32, 0xb2, 0xd0, 0x2b, 0x13, 0xb8, 0x57, 0x89, 0x53, 0x2d, 0xf2, 0x35, 0x75,
    0x28, 0x32, 0x0f, 0x9e, 0x1c, 0xd4, 0x6b, 0xbb, 0x86, 0xcf, 0x10, 0x36, 0xeb, 0xdf, 0x24, 0xf7,
    0x84, 0xfe, 0x84, 0x94, 0xda, 0x49, 0xd7, 0xa2, 0xc2, 0x2f, 0xe4, 0xad, 0x37, 0x7f, 0x55, 0x55,
    0xf3, 0x80, 0x01, 0x95, 0x81, 0xbe, 0xea, 0x31, 0x02, 0x9e, 0xc5, 0xc8, 0x1f, 0xa2, 0xc8, 0x42,
    0x39, 0xa1, 0x0a, 0xa3, 0x80, 0x9a, 0x46, 0xb8, 0x70, 0x5f, 0x65, 0x11, 0xf0, 0x80, 0x6e, 0xb9,
    0xa7, 0x44, 0xba, 0x5a, 0x52, 0x23, 0x8e, 0x5c, 0xb7, 0x26, 0x1f, 0x18, 0xbf, 0x7b, 0xe4, 0xc2,
    0xd3, 0x74, 0xe3, 0x15, 0x39, 0xf8, 0xab, 0x55, 0x4a, 0x9d, 0x71, 0xd7, 0xb8, 0x4a, 0x03, 0xf0,
    0xf7, 0xaa, 0x10, 0xa2, 0x34, 0xdc, 0xcd, 0x04, 0x1f, 0x34, 0x57, 0x4c, 0xac, 0xb3, 0x3b, 0xdc,
    0xa2, 0x1a, 0x6b, 0x73, 0xe7, 0x65, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x7c, 0x30, 0x7a, 0x30,
    0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
    0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x06, 0xc0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
    0x0e, 0x04, 0x16, 0x04, 0x14, 0x91, 0x4f, 0x84, 0x13, 0xa5, 0x69, 0x3c, 0x3b, 0xf0, 0x7d, 0x78,
    0x34, 0x74, 0xdc, 0x55, 0xf0, 0x90, 0x34, 0xbf, 0x9e, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x1d, 0x23,
    0x04, 0x37, 0x30, 0x35, 0x80, 0x14, 0xec, 0xda, 0xef, 0x92, 0x48, 0x28, 0x07, 0xd4, 0xe2, 0x6c,
    0x84, 0xe2, 0x60, 0x96, 0x57, 0x49, 0x4f, 0x36, 0xa2, 0xc4, 0xa1, 0x1a, 0xa4, 0x18, 0x30, 0x16,
    0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0b, 0x70, 0x6f, 0x6e, 0x79, 0x74,
    0x6f, 0x77, 0x6e, 0x20, 0x43, 0x41, 0x82, 0x01, 0x7b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
    0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, 0x11, 0x3b, 0xdc,
    0x12, 0xc9, 0x75, 0xad, 0xfa, 0x76, 0x38, 0x8e, 0x9d, 0x5c, 0xeb, 0x43, 0x2d, 0x4d, 0x22, 0x92,
    0x45, 0xf9, 0xa4, 0xbe, 0x4e, 0xc7, 0xb6, 0x92, 0x30, 0xde, 0xed, 0xac, 0x35, 0x97, 0x55, 0x48,
    0x5a, 0xc6, 0x49, 0x0a, 0x90, 0x11, 0xe2, 0x5a, 0xc4, 0x88, 0x17, 0x85, 0xcd, 0x72, 0x6f, 0x0e,
    0x9f, 0xfe, 0x79, 0x11, 0xee, 0xec, 0xef, 0x7f, 0xc7, 0x91, 0xec, 0x90, 0xd2, 0xe0, 0x49, 0x94,
    0x2e, 0xd8, 0x95, 0x80, 0xb0, 0x3d, 0x22, 0x80, 0xfd, 0x79, 0x20, 0x2c, 0x56, 0x44, 0x45, 0x99,
    0xe7, 0x75, 0xe0, 0x61, 0x81, 0xeb, 0x36, 0x47, 0x26, 0xb5, 0x61, 0xdc, 0x85, 0x80, 0xc9, 0x79,
    0x13, 0xb6, 0x75, 0xb9, 0x44, 0xd0, 0x2f, 0xf3, 0xb5, 0x8e, 0x1e, 0x92, 0xd6, 0x5a, 0xa2, 0x9c,
    0xbf, 0xd5, 0x82, 0x5d, 0x1a, 0x17, 0xb1, 0xac, 0x9c, 0x97, 0x86, 0x07, 0x0c, 0xb9, 0x0f, 0xfd,
    0xbb, 0x3b, 0x91, 0xfb, 0x9b, 0xcf, 0x14, 0x43, 0xc1, 0x84, 0x97, 0xca, 0x67, 0x3f, 0xd7, 0xf8,
    0xac, 0x05, 0x47, 0x61, 0xaa, 0xfe, 0x94, 0xe8, 0xdd, 0x84, 0x77, 0x77, 0x5e, 0x0c, 0xcd, 0x96,
    0x37, 0xf9, 0x24, 0x73, 0x8b, 0x2f, 0x49, 0xfd, 0x82, 0x89, 0xa0, 0xf0, 0x21, 0x02, 0xd3, 0xcb,
    0x95, 0x8c, 0x96, 0x73, 0x7c, 0x60, 0xc8, 0x87, 0x58, 0x5f, 0xeb, 0x96, 0xf1, 0x25, 0xd3, 0x5c,
    0x4a, 0x42, 0x97, 0xd3, 0xad, 0x5d, 0x2b, 0x9b, 0xa8, 0x06, 0x7c, 0x85, 0x93, 0x4e, 0x0e, 0x9c,
    0x9a, 0xc9, 0x3a, 0x99, 0xf8, 0xf0, 0x9d, 0x76, 0x82, 0x47, 0x56, 0x79, 0x67, 0x40, 0x62, 0xd3,
    0x65, 0x5f, 0x8f, 0xde, 0xc5, 0x04, 0x44, 0xab, 0x89, 0xd4, 0x58, 0xfb, 0x38, 0xc6, 0x9d, 0x63,
    0x36, 0xc6, 0x13, 0x58, 0x8e, 0x24, 0xf1, 0x48, 0x5b, 0x8c, 0xe0, 0x89, 0x91, 0xea, 0x91, 0x6c,
    0xaf, 0x86, 0x4e, 0x22, 0xe0, 0x49, 0x69, 0x37, 0x51, 0x9d, 0xac, 0x36, 0xf4, 0x29, 0x8d, 0xd7,
    0xb9, 0x32, 0xfd, 0xb4, 0x73, 0xe7, 0x06, 0x2d, 0xbc, 0x97, 0x5d, 0x4d, 0x0f, 0x50, 0x20, 0x1d,
    0x42, 0xf5, 0x04, 0xa3, 0x03, 0x7e, 0x0b, 0x9e, 0x29, 0xc5, 0x88, 0x1f, 0xc9, 0xc9, 0x8a, 0xc1,
    0xfe, 0xb8, 0x50, 0x99, 0x4f, 0xb4, 0x11, 0x50, 0x3a, 0xf6, 0xd4, 0x68, 0x58, 0x10, 0x3c, 0x72,
    0x97, 0x6d, 0x5d, 0x67, 0xf1, 0xfb, 0x64, 0x26, 0x36, 0xc7, 0x3b, 0xf1, 0x24, 0x25, 0xf1, 0x7c,
    0x84, 0x63, 0x8f, 0xe2, 0xd5, 0xbb, 0xa5, 0xc8, 0x8d, 0x17, 0x4b, 0xc5, 0x22, 0xe4, 0xdf, 0xf4,
    0x51, 0x47, 0x0e, 0x2c, 0xa0, 0x89, 0x84, 0xf9, 0x22, 0x38, 0x4b, 0xe3, 0xf6, 0xf2, 0xd1, 0xda,
    0x7a, 0xf6, 0x35, 0xa1, 0x35, 0x63, 0x2c, 0x7e, 0xd8, 0xfb, 0x6c, 0xb7, 0xed
  ];

  let input = ring::input::Input::new(&bytes).unwrap();
  let name = ring::input::Input::new("testserver.com".as_bytes()).unwrap();
  let rc = webpki::verify_cert_dns_name(input, name);
  println!("rc = {:?}", rc);
}

I think the issue is a missing match of GeneralName::DirectoryName in the closure given to iterate_names.

[briansmith]

I think the issue is a missing match of GeneralName::DirectoryName in the closure given to iterate_names.

No, that's not it. It's simpler: I just didn't implement the fallback to parsing dNSName and iPAddress out of Subject CNs because I wasn't sure if it was worth doing.

This is similar to other things I dropped (compared to mozilla::pkix), such as dropping support for v1 certificates.

I don't think I strongly object to the fallback being added back, but I'm not planning to do it myself soon.

[ctz]

I checked the CAB baseline requirements and subjectAltName is indeed required, so I've decided I also don't care very much. My knowledge of how this all works in about 10 years out of date :)

Thanks! :+1:

[briansmith]

OK, I'm closing this. My goal is to avoid the bad stuff, and the Subject CN overloading is pretty bad, so I'm glad to not implement it.

[emk]

Thank you very much to everyone who tracked this down!

I just discovered that citusdata.com uses CN-only certificates for PostgreSQL databases. These will fail with BadCertificate because of the issue discussed above. As expected, the following output lacks a DNS: line:

❯ openssl s_client -starttls postgres -showcerts -connect c.$DATABASE_NAME.db.citusdata.com:5432 </dev/null 2>/dev/null | openssl x509 -noout -text | grep db.citusdata.com
        Subject: CN = *.$DATABASE_NAME.db.citusdata.com

Citus was acquired by Microsoft, and it will be shut down early next year. So this isn't necessarily a pressing issue. But these broken certs are still used by major vendors, in at least some cases.

(Oh, and I only figured this out because I'm trying to get dbcrossbar running on the new ARM Macs, and this is one of the last issues, AFAICT. Before ARM, we used openssl, but it caused endless distribution issues.)

[briansmith]

I am open to providing not-enabled-by-default support for DNS names in the subject common name field. It would be good for somebody to design the API for people to opt into that. In general we don't have a configuration API in this crate; this would be one of the first bits of configuration. I filed #249 for designing and implementing the base configuration API on top of which we can add configuration such as this.

[emk]

Thank you for looking to this!

Since Citus Data has only weeks to live, I'm switching dbcrossbar over webpki ahead of schedule.

Unfortunately, it's unlikely that we'll be able to work on support for DNS names in the common name field in the foreseeable future.

And of course, many thanks for providing very useful TLS support in Rust!