
cacert-sysadm - Re: new SSL Attacks

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

  • From: Florian Lagg <info AT lagg.at>
  • To: tg AT futureware.at
  • Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>, Ian G <iang AT iang.org>
  • Subject: Re: new SSL Attacks
  • Date: Fri, 31 Jul 2009 17:15:47 +0100 (GMT+01:00)

I just was in a chat with Philipp and Ian. 

It seems that "\0" is converted to "0" and therefore is a valid subdomain 
without a null char (thanks, Philipp).

I wanted to test it with a real null char in the CSR - not a quoted one.
Maybe someone could check whether the null char is there in the CSR and certificate. 
Currently I do not have an idea how I could do that.

OK, what I did so far:

*** I tried to make a CSR with:
# the private key
openssl genrsa -out nulltest.key 1024
# the CSR
openssl req -batch -new -key nulltest.key -out nulltest.csr -subj "/C=AT/O=Lagg/OU=Lagg/CN=`echo -e "nulltest\0000.lagg.at"`"

as 
echo -e "\0000"
outputs a null char this should work. I haven't checked it.
The resulting CSR is:


*** Then I uploaded the CSR to our webform to get a server certificate, this one:


Could someone check whether there is a NULL char in the domain name?
If it all worked it should be nulltest\0.lagg.at (with a real null char).

regards,

-- 
Florian Lagg
-
 Florian Lagg - IT-Komplettlösungen
 Juch 7, 6631 Lermoos
 tel +43 (676) 344 677 5
 http:/www.lagg.at/ - 
info AT lagg.at
-
 Xing: http://www.xing.com/go/invite/7372113.3da562
-
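
One way to do the check the message asks for, as an added example that is not part of the original post or CAcert's code: decode the PEM to DER, walk the structure, and report any commonName value containing an embedded NUL. The function names and the two sample Names are constructed for illustration; the walker only descends constructed elements, so names carried inside extensions (for example subjectAltName) are not covered.

```python
import base64
import re

CN_OID = bytes.fromhex("0603550403")   # DER encoding of OID 2.5.4.3 (commonName)

def pem_to_der(pem):
    """Drop the BEGIN/END armor lines and whitespace, then base64-decode."""
    return base64.b64decode(re.sub(r"-----[^-]+-----|\s+", "", pem))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def common_names(der):
    """Walk constructed elements; return (string_tag, raw_bytes) per commonName."""
    found, pos = [], 0
    while pos < len(der):
        tag, value, pos = read_tlv(der, pos)
        if tag == 0x30 and value.startswith(CN_OID):
            found.append(read_tlv(value, len(CN_OID))[:2])
        elif tag & 0x20:               # SEQUENCE, SET, [0] ...: descend
            found += common_names(value)
    return found

def has_nul(tag, raw):
    """Decode by string type first: BMPString/UniversalString use wide characters."""
    enc = {0x1E: "utf-16-be", 0x1C: "utf-32-be"}.get(tag, "latin-1")
    return "\x00" in raw.decode(enc, errors="replace")

def cns_with_nul(der):
    """Return the raw commonName values that contain an embedded NUL character."""
    return [raw for tag, raw in common_names(der) if has_nul(tag, raw)]

def tlv(tag, body):                    # sample-building helper, short-form lengths only
    return bytes([tag, len(body)]) + body

# Constructed samples: bare DER Names, not the CSR or certificate from this message.
REAL_NUL = tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + tlv(0x0C, b"nulltest\x00.lagg.at"))))
DIGIT_ZERO = tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + tlv(0x0C, b"nulltest0.lagg.at"))))

if __name__ == "__main__":
    for der in (REAL_NUL, DIGIT_ZERO):
        print(common_names(der), "-> NUL in CN:", bool(cns_with_nul(der)))
```

For a real file, pass the output of `pem_to_der(open(path).read())` to `cns_with_nul`; an empty list means no commonName in the subject or issuer carries a NUL.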


