--servercert option is insecure
Daniel Lenski
dlenski at gmail.com
Thu May 10 02:14:51 PDT 2018
On Thu, May 10, 2018 at 4:38 AM, Ryan Taylor <rptaylor at uvic.ca> wrote:
>
> Hello,
>
> The manual describes the --servercert option as follows:
> http://www.infradead.org/openconnect/manual.html
>
> "Accept server’s SSL certificate only if the provided fingerprint matches. The allowed fingerprint
> types are SHA1, and SHA256. They are distinguished by the ’sha1:’ or ’sha256:’ prefixes to the hex
> encoded hash. To ease certain testing use-cases, a partial match of the hash will also be accepted,
> if it is at least 4 characters."
>
> Is it really true that only 4 characters need to match the hash in order for the certificate to be
> accepted?
...
> Probability of a random 4-char hex string matching a given 64-char hex string is (ignoring the
> possibility of consecutive repeated characters): 1 - (1 - 16^-4)^61 = 0.00093
>
> A random 64-char string has 61 attempts to match a 4-char substring, so the probability is
> (ignoring the possibility of consecutive repeated characters): 1 - (1 - 0.00093)^61 = 0.055
No, openconnect checks for a matching *prefix*, not for a match to a
substring at an arbitrary position. This is from
openconnect_check_peer_cert_hash in library.c:
int openconnect_check_peer_cert_hash(struct openconnect_info *vpninfo,
const char *old_hash)
{
...
/* allow partial matches */
if (old_len < fingerprint_len) {
if (strncasecmp(old_hash, fingerprint, MAX(min_match_len, old_len))) {
if (old_len < min_match_len) {
vpn_progress(vpninfo, PRG_ERR, _("The size of the
provided fingerprint is less than the minimum required (%u).\n"),
real_min_match_len);
}
return 1;
}
} else {
if (strcasecmp(old_hash, fingerprint))
return 1;
More information about the openconnect-devel
mailing list