On Fri, May 16, 2014 at 12:17:33AM +0100, Jeremy Harris wrote:
> Created an attachment (id=728)
> --> (http://bugs.exim.org/attachment.cgi?id=728)
> prototype patch
You SHOULD NOT join all the altName values with newlines, and then
split that to recover the altnames. Hostile certificates might
contain embedded newlines in the subjectAltName. I doubt that all
CA's check this (just like they allowed embeded NULs in the
subject name or altName).
ASN.1 strings can contain NUL octets, and are not C strings. This
implementation leaves the potential problem unchecked.
Later, for DANE, you'll need to allow multiple names any one of
which might match the peer certificate. You also should probably
support wildcards "*.example.com".
See
http://www.postfix.org/postconf.5.html#smtp_tls_secure_cert_match
So this feature probably should support multiple names from the
outset. Especially because some MX hosts have certificates that
match the next-hop domain (LHS of MX lookup), and others the MX
hostname or something else entirely.
--
Viktor.
