Bug 9631 - HTTPS transport should be more rigorous in verification
Status: RESOLVED FIXINSOURCE
Product: pkg
Component: transport
Version: unspecified
Hardware: ANY/Generic All
Importance: P3 normal
Target Milestone: ---
Assigned To: johansen
QA Contact: pkg/transport watcher
 
Reported: 2009-06-23 11:32 UTC by johansen
Modified: 2009-07-01 16:40 UTC (History)

Description johansen 2009-06-23 11:32:37 UTC
The previous https transport neither verified the server's certificate and
chain of trust, nor did it verify that the CN on the server's certificate
matched the domainname of the server.  The new transport provided by bug 8902
allows us to verify both of these.  We should enable support for this by
default.

Dissenting members of the package team want a way to disable the more rigorous
authentication checks.  I'm opposed to making security optional.  If we find
that customers really need to disable these features, and plausible workarounds
are insufficient, we can add an option to disable the checks.  The amount of
code to do so should not be large.
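
The two checks named in the description, as an added example that is not part of the bug report or the pkg source: a Python standard-library `ssl` context with chain and name verification both enabled, plus a simplified name matcher run over constructed `getpeercert()`-style dictionaries. It goes beyond the CN check in the text by also honouring subjectAltName entries; the helper names, sample certificates and host names are assumptions made for illustration.

```python
import ssl

def strict_context(cafile=None):
    """Client context with both checks from the bug description enabled."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED  # verify certificate and chain of trust
    ctx.check_hostname = True            # verify certificate name against server name
    return ctx

def missing_checks(ctx):
    """List which of the two checks an SSLContext would skip."""
    missing = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        missing.append("chain of trust")
    if not ctx.check_hostname:
        missing.append("name match")
    return missing

def cert_names(cert):
    """Names to compare: dNSName SAN entries if present, otherwise the CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def label_match(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]  # refuse '*.com'-style patterns
    return p == h

def hostname_matches(cert, host):
    return any(label_match(name, host) for name in cert_names(cert))

# Constructed sample data in the shape returned by SSLSocket.getpeercert()
CN_ONLY = {"subject": ((("commonName", "pkg.example.com"),),)}
WITH_SAN = {"subject": ((("commonName", "pkg.example.com"),),),
            "subjectAltName": (("DNS", "*.repo.example.com"),)}

# Constructed "before" configuration with both checks switched off
LAX_CONTEXT = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
LAX_CONTEXT.check_hostname = False  # must be cleared before CERT_NONE is accepted
LAX_CONTEXT.verify_mode = ssl.CERT_NONE
```

In real clients the name comparison is done by the TLS library once `check_hostname` is on; the matcher here only makes the rule visible.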

Comment 1 johansen 2009-06-23 13:32:10 UTC
This bug is being fixed as part of the transport re-design.  A preliminary
webrev is available from:

http://cr.opensolaris.org/~johansen/webrev-xport-1/

Comment 2 johansen 2009-07-01 16:40:06 UTC
Integrated 1Jul2009 as change set a48bee2a4b2e9c8345c29acea63116acf77dddb3