Commit c4fbed6c authored by Viktor Dukhovni's avatar Viktor Dukhovni
Browse files

Add -dane_ee_no_namechecks s_client(1) option 



The DANE API supports a DANE_FLAG_NO_DANE_EE_NAMECHECKS option, but
there was no way to exercise/enable it via s_client.  This commit
addresses that gap.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent dc047d31

apps/s_client.c

+9 −1
Original line number Diff line number Diff line
@@ -555,7 +555,7 @@ typedef enum OPTION_choice { 
#ifndef OPENSSL_NO_CT

    OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,

#endif

    OPT_DANE_TLSA_RRDATA

    OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,

} OPTION_CHOICE;



OPTIONS s_client_options[] = {
@@ -589,6 +589,8 @@ OPTIONS s_client_options[] = { 
    {"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"},

    {"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's',

     "DANE TLSA rrdata presentation form"},

    {"dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-',

     "Disable name checks when matching DANE-EE(3) TLSA records"},

    {"reconnect", OPT_RECONNECT, '-',

     "Drop and re-make the connection with the same Session-ID"},

    {"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"},
@@ -783,6 +785,7 @@ int s_client_main(int argc, char **argv) 
    STACK_OF(OPENSSL_STRING) *ssl_args = NULL;

    char *dane_tlsa_domain = NULL;

    STACK_OF(OPENSSL_STRING) *dane_tlsa_rrset = NULL;

    int dane_ee_no_name = 0;

    STACK_OF(X509_CRL) *crls = NULL;

    const SSL_METHOD *meth = TLS_client_method();

    const char *CApath = NULL, *CAfile = NULL;
@@ -1257,6 +1260,9 @@ int s_client_main(int argc, char **argv) 
                goto end;

            }

            break;

        case OPT_DANE_EE_NO_NAME:

            dane_ee_no_name = 1;

            break;

        case OPT_NEXTPROTONEG:

#ifndef OPENSSL_NO_NEXTPROTONEG

            next_proto_neg_in = opt_arg();
@@ -1701,6 +1707,8 @@ int s_client_main(int argc, char **argv) 
                       "records.\n", prog);

            goto end;

        }

        if (dane_ee_no_name)

            SSL_dane_set_flags(con, DANE_FLAG_NO_DANE_EE_NAMECHECKS);

    } else if (dane_tlsa_rrset != NULL) {

        BIO_printf(bio_err, "%s: DANE TLSA authentication requires the "

                   "-dane_tlsa_domain option.\n", prog);

doc/apps/s_client.pod

+19 −0
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ B<openssl> B<s_client> 
[B<-no-CApath>]

[B<-dane_tlsa_domain domain>]

[B<-dane_tlsa_rrdata rrdata>]

[B<-dane_ee_no_namechecks>]

[B<-attime timestamp>]

[B<-check_ss_sig>]

[B<-crl_check>]
@@ -225,6 +226,24 @@ whitespace is ignored in the associated data field. For example: 
  DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1

  ...



=item B<-dane_ee_no_namechecks>



This disables server name checks when authenticating via DANE-EE(3) TLSA

records.

For some applications, primarily web browsers, it is not safe to disable name

checks due to "unknown key share" attacks, in which a malicious server can

convince a client that a connection to a victim server is instead a secure

connection to the malicious server.

The malicious server may then be able to violate cross-origin scripting

restrictions.

Thus, despite the text of RFC7671, name checks are by default enabled for

DANE-EE(3) TLSA records, and can be disabled in applications where it is safe

to do so.

In particular, SMTP and XMPP clients should set this option as SRV and MX

records already make it possible for a remote domain to redirect client

connections to any server of its choice, and in any case SMTP and XMPP clients

do not execute scripts downloaded from remote servers.



=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,

B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,

B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,