Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: reject UTF-8 names #26362

Closed
FiloSottile opened this issue Jul 13, 2018 · 6 comments
Closed

crypto/x509: reject UTF-8 names #26362

FiloSottile opened this issue Jul 13, 2018 · 6 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone

Comments

@FiloSottile
Copy link
Contributor

Certificates should only have punycode in them, but we tolerate and match UTF-8 if provided. Make this stricter after checking it doesn't break a lot of CT and BoringSSL already rejects them.

@FiloSottile FiloSottile added this to the Go1.12 milestone Jul 13, 2018
@FiloSottile FiloSottile added the NeedsFix The path to resolution is known, but the work has not been done. label Jul 13, 2018
@robpike
Copy link
Contributor

robpike commented Jul 13, 2018

Can you please be more precise in what the restrictions should be? "UTF-8 names" is not a clear target, as ASCII for instance is a subset of UTF-8.

@mdp
Copy link

mdp commented Sep 18, 2018

The restriction is that certain x509 extensions should be encoded as an IA5String, which is a restricted character set(Essentially 0x0-0x80 ASCII). Currently, golang's x509 package performs validation checks on IA5String encoding, but it's not complete. It's still possible to encode several of the Subject Alternative Name extensions ("Domains" "EmailAddresses") as non-IA5Stings. There's also no check on the "URIs" field, but due to URL.String() being called before encoding, it's escaped and therefore won't contain any characters outside of the IA5String set.

One thing to be aware of, the Common Name on an X509 certificate doesn't actually have an IA5String restriction on encoding. You need to use punycode if you're creating an SSL certificate, but RFC 5280 states that "Standard naming attributes, such as common name, employ the DirectoryString type, which supports internationalized names through a variety of language encodings. Conforming implementations MUST support UTF8String and PrintableString."

@mdp
Copy link

mdp commented Sep 19, 2018

As far as comparisons go, Certificate.VerifyHostname(host string) will not reject comparisons for non-punycode hostnames in the latest release of go - Go Playground example

However, a recent change (4f9ec2c#diff-14a36701d822b09a804f852a229dfc23R910), was introduced which will result in the rejection of CommonName's with non-ASCII characters in them - caused by validHostname(c.Subject.CommonName)

That being said, if the certificate has a non-ASCII character in the DNSName SAN extension, it will still do the comparison and match. Example below:

c := &x509.Certificate{
        DNSNames: []string{"göögle.com"},
	Subject: pkix.Name{
		CommonName: "göögle.com",
	},
}

err := c.VerifyHostname("göögle.com")
if err == nil {
	fmt.Println("VerifyHostname(göögle.com) should have failed, did not")
} else {
	fmt.Printf("VerifyHostname(göögle.com) failed - %q", err)
}

@gopherbot
Copy link

Change https://golang.org/cl/141837 mentions this issue: crypto/x509: reject UTF-8 names from VerifyHost

@andybons andybons modified the milestones: Go1.12, Go1.13 Feb 12, 2019
@stefanb
Copy link
Contributor

stefanb commented Mar 22, 2019

Please note that X.509 client certificates contain personal names in the common name (CN) attribute!

Those can be encoded in various ways, one of the more exotic cocktail 🍸of UCS-2/UTF-16/UTF-8 being used in Estonian 🇪🇪 electronic ID: https://eid.eesti.ee/index.php/Authenticating_in_web_applications#Add_user_authentication_to_your_application

@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@FiloSottile FiloSottile modified the milestones: Go1.14, Unplanned Oct 1, 2019
@gopherbot
Copy link

Change https://golang.org/cl/235078 mentions this issue: crypto/x509: enforce SAN IA5String encoding restrictions

@golang golang locked and limited conversation to collaborators Sep 30, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Development

No branches or pull requests

6 participants