[squid-dev] [PATCH] Fix SSL certificate cache refresh and collision handling.
Eliezer Croitoru
eliezer at ngtech.co.il
Sun Jul 16 07:21:55 UTC 2017
Seems like a very required patch.
I was wondering about another semi-related issue from the past:
Certificate DB directory becomes unusable. Was it resolved on 3.5 or 4?
Thanks,
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: squid-dev [mailto:squid-dev-bounces at lists.squid-cache.org] On Behalf
Of Christos Tsantilas
Sent: Friday, July 14, 2017 18:19
To: Squid Developers <squid-dev at squid-cache.org>
Subject: [squid-dev] [PATCH] Fix SSL certificate cache refresh and collision
handling.
SslBump was ignoring origin server certificate changes and using the
previously cached fake certificate (mimicking now-stale properties).
Also, Squid was not detecting key collisions inside certificate caches.

On-disk certificate cache fixes:

- Use the original certificate signature instead of the certificate
  subject as part of the key. Using signatures reduces certificate key
  collisions to deliberate attacks and woefully misconfigured origins,
  and makes any mishandled attacks a lot less dangerous because the
  attacking origin server certificate cannot be trusted by a properly
  configured Squid and cannot be used for encryption by an attacker.

  We have considered using certificate digests instead of signatures.
  Digests would further reduce the attack surface to copies of public
  certificates (as if the origin server was woefully misconfigured).
  However, unlike the origin-supplied signatures, digests require
  (expensive) computation in Squid, and implemented collision handling
  should make any signature-based attacks unappealing. Signatures won
  on performance grounds.

  Other key components remain the same: NotValidAfter, NotValidBefore,
  forced common name, non-default signing algorithm, and signing hash.

- Store the original server certificate in the cache (together with
  the generated certificate) for reliable key collision detection.

- Upon detecting key collisions, ignore and replace the existing cache
  entry with a freshly computed one. This change is required to
  prevent an attacker from tricking Squid into hitting a cached
  impersonating certificate when talking to a legitimate origin.

In-memory SSL context cache fixes:

- Use the original server certificate (in ASN.1 form) as a part of the
  cache key, to completely eliminate cache key collisions.

Other related improvements:

- Make the LruMap keys template parameters.
- Polish Ssl::CertificateDb class member names to match Squid coding
  style. Rename some function parameters to better match their
  meaning.
- Replace Ssl::CertificateProperties::dbKey() with:
  * Ssl::TxtKeyForCertificateProperties() in ssl/gadgets.cc for
    on-disk key generation by the ssl_crtd helper;
  * Ssl::UniqueKeyForCertificateProperties() in ssl/support.cc for
    in-memory binary key generation by the SSL context memory cache.
- Optimization: Added Ssl::BIO_new_SBuf(SBuf*) for OpenSSL to write
  directly into SBuf objects.

This is a Measurement Factory project.
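
The on-disk cache behaviour described in the message above, as an added illustration that is not part of the original e-mail or of Squid's code: the cache is keyed on the origin-supplied signature, stores the original certificate beside the generated one, and replaces the entry when a lookup finds a different certificate under the same key. `OriginCert`, `CacheEntry`, `FakeCertCache`, the simplified key layout and the string stand-ins for certificates are hypothetical names and constructed values.

```cpp
#include <map>
#include <string>

// Constructed stand-ins: strings replace real X.509 objects.
struct OriginCert {
    std::string der;        // full certificate encoding
    std::string signature;  // issuer signature carried in the certificate
    std::string notBefore, notAfter;
};

struct CacheEntry {
    std::string generatedCert;  // fake certificate produced for the client
    std::string originDer;      // original certificate, kept to detect collisions
};

class FakeCertCache {
public:
    unsigned generated = 0;  // how many times the costly generator ran

    // Simplified key: signature plus validity dates (the message lists more parts).
    static std::string keyFor(const OriginCert &c) {
        return c.signature + "+NotBefore=" + c.notBefore + "+NotAfter=" + c.notAfter;
    }

    std::string get(const OriginCert &c) {
        const std::string key = keyFor(c);
        const auto it = entries.find(key);
        if (it != entries.end() && it->second.originDer == c.der)
            return it->second.generatedCert;  // genuine hit: same origin certificate
        // Miss or key collision: never serve the stored entry, overwrite it.
        entries[key] = CacheEntry{generate(c), c.der};
        return entries[key].generatedCert;
    }

private:
    std::string generate(const OriginCert &c) { ++generated; return "fake-for:" + c.der; }
    std::map<std::string, CacheEntry> entries;
};

// Constructed scenario: two different certificates that map to the same key.
bool collisionIsReplaced() {
    FakeCertCache cache;
    const OriginCert legit{"DER-legit", "sig-A", "20170101", "20180101"};
    const OriginCert other{"DER-other", "sig-A", "20170101", "20180101"};
    const std::string first = cache.get(legit);
    const bool hit = cache.get(legit) == first && cache.generated == 1;
    const bool replaced = cache.get(other) != first && cache.generated == 2;
    return hit && replaced && cache.get(legit) == first && cache.generated == 3;
}
```

The final lookup regenerates the entry for the legitimate certificate, so a colliding certificate costs an extra generation but is never served to the legitimate origin's clients.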