Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:69234
Return-Path: <rdlowrey@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 63411 invoked from network); 19 Sep 2013 17:52:32 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 19 Sep 2013 17:52:32 -0000
Authentication-Results: pb1.pair.com smtp.mail=rdlowrey@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rdlowrey@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.83.50 as permitted sender)
X-PHP-List-Original-Sender: rdlowrey@gmail.com
X-Host-Fingerprint: 74.125.83.50 mail-ee0-f50.google.com  
Received: from [74.125.83.50] ([74.125.83.50:42360] helo=mail-ee0-f50.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id E0/FE-24386-ED93B325 for <internals@lists.php.net>; Thu, 19 Sep 2013 13:52:31 -0400
Received: by mail-ee0-f50.google.com with SMTP id d51so4372969eek.9
        for <internals@lists.php.net>; Thu, 19 Sep 2013 10:52:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=Xae+rNafeGxAtEu2CbE50qNk/SVrbEfNCYAWXyl5Cf4=;
        b=jziNYLR4+G/2PhFAH1L/w/1V9nUzZmAjeHFZEDldSpdJ+zx050oIDPoSYWCP0EWhqU
         4gtzdKantXBXMJ0YDVPuzULL383sPuZtr0kfpeZuKWDeMiGyQRuAQmIvdjC2KFuJYYxl
         kajPdimSRfNDftxyFBBAQOZIBEitBoFk4GhNp77BN1YTr4QIaA+N9uCnJRcqXHl78+Yt
         2R9z3HKiu3oXkHkeULqUAXv60r6fU1jHf9Y07ZgWSTG2F7OW89LmI/vTpjiG+8UcsQeu
         nKmXLsEz6iwWgzJki5fEhqU/D0QnDN1gLQHXq7288gsb/7RLqQSAjDuGUr+19dsMo3IU
         YX4g==
MIME-Version: 1.0
X-Received: by 10.14.69.206 with SMTP id n54mr80383eed.118.1379613148064; Thu,
 19 Sep 2013 10:52:28 -0700 (PDT)
Received: by 10.223.199.129 with HTTP; Thu, 19 Sep 2013 10:52:27 -0700 (PDT)
In-Reply-To: <000001ceb53c$492a3090$db7e91b0$@org>
References: <CAH8MpnnTGD0xAwG1j9sh10EC6XzdscVRLbJzEMG6qWSBK5c17w@mail.gmail.com>
	<523A466C.4070903@gmail.com>
	<CAHMUw2HxcWgOBxiK=r4y6FgWF_Gkhgc6BgHxF_bgLLJG9RVxmQ@mail.gmail.com>
	<CAEZPtU7YjNksHLEyH9VzM-iDdpQmBeJkF-BHPkAajZjiQS5XBA@mail.gmail.com>
	<CAHMUw2Gv=JdswmWVHCvp2S3WECVPEx4aWOQzF2yLMHaqJ5HK-g@mail.gmail.com>
	<000001ceb53c$492a3090$db7e91b0$@org>
Date: Thu, 19 Sep 2013 13:52:27 -0400
Message-ID: <CAH8MpnkX1p66AxeDXYaDiNaPBL635gKLXmS6qN=veB4H4CTicw@mail.gmail.com>
To: "Bryan C. Geraghty" <bryan@ravensight.org>
Cc: Tjerk Anne Meesters <datibbaw@php.net>, Pierre Joye <pierre.php@gmail.com>, johannes@schlueters.dot.de, 
	addw@phcomp.dot.co.uk, "internals@lists.php.net" <internals@lists.php.net>, 
	=?ISO-8859-1?Q?=C1ngel_Gonz=E1lez?= <keisial@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Re: Re: PHP Crypt functions - security audit
From: rdlowrey@gmail.com (Daniel Lowrey)

> If a subjectAltName extension of type dNSName is present, that MUST
> be used as the identity. Otherwise, the (most specific) Common Name
> field in the Subject field of the certificate MUST be used. Although
> the use of the Common Name is existing practice, it is deprecated and
> Certification Authorities are encouraged to use the dNSName instead.

I have a working patch locally that adds SAN verification pursuant to
RFC 2818 as outlined here (mentioned by Ryan):

http://tools.ietf.org/html/rfc2818#section-3.1

Usage looks like this:

```
$ctx = stream_context_create(['ssl' => [
    'verify_peer' => TRUE,
    'cafile' => '/path/to/cacert.pem',
    'SAN_required' => TRUE, // default
    'SAN_match' => 'www.github.com'
    'CN_match' => 'www.github.com'
]]);

$uri = 'https://www.github.com/';
file_get_contents($uri, FALSE, $ctx);
```

The patch is strict. I.E. it follows the spec and *will* fail your SSL
negotiation attempt (with a descriptive error message to explain why)
if the remote peer provided a list of SAN names and you didn't specify
an `SN_match` stream context option. If no SAN dNSNames are supplied
by the peer the routine will fallback to the CN_match if specified.
This behavior is emphasized with a *MUST* in the RFC (meaning PHP's
current implementation is NOT compliant). I'm happy to bring the
default behavior into line with the spec but we need to determine if
people are okay with making things secure by default. This seems like
a no-brainer to me as IMHO security should be prioritized over
simplicity:

> *I consider this a bug* I understand that it's easier to code not verifying the
> peer, and the hostname may not be available when you are stacking ssl over a stream.
> But file_get_contents("https://...") is *precisely* the case that should work right
> out of the box.

^^ This.

Before I can fully/cleanly implement these changes we need to decide
if PHP wants to move to a secure-by-default model for streams
utilizing the built in encryption wrappers. Thoughts?