OpenSSL Patches Critical Certificate Forgery Bug

msm1267 writes: The mystery OpenSSL patch released today addresses a critical certificate validation issue where anyone with an untrusted TLS certificate can become a Certificate Authority. While serious, the good news according to the OpenSSL Project is that few downstream organizations have deployed the June update where the bug was introduced. From the linked piece: The vulnerability allows an attacker with an untrusted TLS certificate to be treated as a certificate authority and spoof another website. Attackers can use this scenario to redirect traffic, set up man-in-the-middle attacks, phishing schemes and anything else that compromises supposedly encrypted traffic. [Rich Salz, one of the developers] said there are no reports of public exploits.

Re:Trusted certificate owners

[petermgreen]

Debian claims that their patched versions of openssl for squeeze/wheezy/jessie are not affected by this issue.

LibreSSL and BoringSSL?

[tepples]

If you're running any kind of client connection (for instance, consuming a https webservice) then you'll need to update (unless they're using gnutls or nss instead of openssl)

Are LibreSSL and BoringSSL also affected? The article mentions that a BoringSSL contributor found the problem, but it doesn't say one way or the other whether this misbehavior made it into any releases of BoringSSL or any other OpenSSL fork.

X.509 cert with hostname as common name

[tepples]

A TLS certificate is an X.509 certificate whose common name identifies a hostname in the manner specified by TLS. All TLS certificates are X.509 certificates, but not all X.509 certificates are TLS certificates because not every X.509 certificate's common name identifies a hostname.