Opened 8 years ago

Closed 8 years ago

#10842 closed Patch (rejected)

trust certificate

Reported by: Tommy Wu Owned by:
Priority: normal Component: FileZilla Client
Keywords: Cc:
Component version: 3.18.0-rc1 Operating system type:
Operating system version:

Description

  1. for save trust certificate, depend on the current chosen certificate in chain, if not the first one, use certificate's CN as Host, and set Port to 0
  2. when we need to check the certificate is trusted or not, check all certificates in the chain, not just the first one, if someone is trusted, then trust this certificate.

Attachments (1)

filezilla_trust_cert.patch (5.7 KB ) - added by Tommy Wu 8 years ago.
patch allow to save non-first certificate in chain, and IsTrust() will check all certificate in chain

Download all attachments as: .zip

Change History (2)

by Tommy Wu, 8 years ago

Attachment: filezilla_trust_cert.patch added

patch allow to save non-first certificate in chain, and IsTrust() will check all certificate in chain

comment:1 by Tim Kosse, 8 years ago

Resolution: rejected
Status: newclosed

This patch is extremely insecure. It grants individual certificates ultimate trust for the subject to sign the entire Internet. While this may be desired in some exotic use-cases, there are a some issues with your patch:

  • Hostname checks in leaf certificates are not currently implemented in FZ. Having them is a mandatory prerequisite for having CAs as trust anchors
  • The patch would trust invalid chains, e.g. with expired child certificates
  • The UI does not make it clear that a CA is being trusted (and the dangers involved in doing so) instead of a leaf certificate
  • There is no UI to remove CA certificates
  • There can be multiple CA certificates with the same CN, the code does not handle this case

Due to the complexities involved in securely handling trust delegation, any implementation of such functionality in FZ must use the trust list functionality from GnuTLS.

Note: See TracTickets for help on using tickets.