From: Martin Willi Date: Mon, 10 Aug 2020 16:29:52 +0000 (+0200) Subject: revocation: Validate OCSP nonce only if response actually contains a nonce X-Git-Tag: 5.9.1rc1~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7efe92130a1c8ae3c8c16147ead5b2ed95437339;p=thirdparty%2Fstrongswan.git revocation: Validate OCSP nonce only if response actually contains a nonce Commit 27756b081c1b8 (revocation: Check that nonce in OCSP response matches) introduced strict nonce validation to prevent replay attacks with OCSP responses having a longer lifetime. However, many commercial CAs (such as Digicert) do not support nonces in responses, as they reuse once-issued OCSP responses for the OCSP lifetime. This can be problematic for replay attack scenarios, but is nothing we can fix at our end. With the mentioned commit, such OCSP responses get completely unusable, requiring the fallback to CRL based revocation. CRLs don't provide any replay protection either, so there is nothing gained security-wise, but may require a download of several megabytes CRL data. To make use of replay protection where available, but fix OCSP verification where it is not, do nonce verification only if the response actually contains a nonce. To be safe against replay attacks, one has to fix the OCSP responder or use a different CA, but this is not something we can enforce. Fixes #3557. --- diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index d2f662dc68..2e90fb50d3 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -112,7 +112,8 @@ static certificate_t *fetch_ocsp(char *url, certificate_t *subject, } ocsp_request = (ocsp_request_t*)request; ocsp_response = (ocsp_response_t*)response; - if (!chunk_equals_const(ocsp_request->get_nonce(ocsp_request), + if (ocsp_response->get_nonce(ocsp_response).len && + !chunk_equals_const(ocsp_request->get_nonce(ocsp_request), ocsp_response->get_nonce(ocsp_response))) { DBG1(DBG_CFG, "nonce in ocsp response doesn't match");