[hcs-d] how to validate ssl certificates correctly with python?

Zak Stone zstone at gmail.com
Sat Jan 28 22:50:04 EST 2012


Hello everyone,

I would like to allow a Python client to communicate securely via
HTTPS with a server I control that has a valid SSL certificate.
Unfortunately, it turns out that the relevant standard library
functions in Python 2.x do not attempt to validate a server's SSL
certificate _at all_, as you can see from the warnings in the
documentation below, which means that these functions are vulnerable
to man-in-the-middle attacks:

http://docs.python.org/library/urllib.html
http://docs.python.org/library/urllib2.html

The folks at Stack Overflow suggest a variety of work-arounds,
including backporting the match_hostname function that was added to
the ssl module in Python 3.2:

http://stackoverflow.com/questions/1087227/validate-ssl-certificates-with-python

More detailed information is available from the fellow who currently
maintains M2Crypto:

http://www.heikkitoivonen.net/blog/2010/08/23/ssl-in-python-2-7/
http://www.heikkitoivonen.net/blog/2008/10/14/ssl-in-python-26/
http://chandlerproject.org/Projects/MeTooCrypto

However, security is complicated, and I find the history of
catastrophic security failures caused by incorrect usage of TLS/SSL
sufficiently disturbing to seek expert advice. For example, it appears
that iOS allowed transparent man-in-the-middle decryption of encrypted
transmissions until last July:

http://blog.spiderlabs.com/2011/07/twsl2011-007-ios-ssl-implementation-does-not-validate-certificate-chain.html
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt
http://blog.recurity-labs.com/archives/2011/07/26/cve-2011-0228_ios_certificate_chain_validation_issue_in_handling_of_x_509_certificates/
http://support.apple.com/kb/HT4824
http://support.apple.com/kb/HT4825

This particular attack centered around Apple's failure to check the
"Basic Constraints" (or basicConstraints) fields in certificate
chains. This problem has surfaced before as well -- Moxie Marlinspike
seems to have found a similar vulnerability in Internet Explorer in
_2002_:

http://www.thoughtcrime.org/ie-ssl-chain.txt

Unfortunately, it isn't obvious to me whether the use of
match_hostname or M2Crypto in Python will prevent this Basic
Constraints attack, and it is even more difficult to determine whether
the Python approaches to certificate validation referenced above cover
other known exploits.

Would anyone be so kind as to share the Right Way for a Python client
to communicate securely with a server over HTTPS?

Many thanks,
Zak
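
An added example (not part of the original post or of any project it links): on Python 2.7.9+ and 3.4+, `ssl.create_default_context()` gives a client that requires a trusted chain and a matching hostname. `hostname_matches` is a simplified, DNS-names-only illustration of the kind of comparison `match_hostname` performs, run over a constructed certificate dict. The function names, `SAMPLE_CERT` and the example.com hosts are assumptions made for illustration.

```python
import socket
import ssl


def verified_context(cafile=None):
    """Client context: trusted chain required, hostname checked by the ssl module."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    # Already the defaults here; set explicitly so a weakening edit shows in review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def open_verified(host, port=443, cafile=None):
    """Handshake fails with ssl.SSLError on an untrusted chain or wrong name."""
    sock = socket.create_connection((host, port), timeout=10)
    try:
        return verified_context(cafile).wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise


def _name_match(pattern, hostname):
    """'*' is honoured only as the entire leftmost label, never for a bare TLD."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def hostname_matches(cert, hostname):
    """Simplified name check over a dict shaped like SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Legacy fallback: commonName counts only when no DNS subjectAltName exists.
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return any(_name_match(n, hostname) for n in names)


# Constructed sample in getpeercert() shape; the names are placeholders.
SAMPLE_CERT = {
    "subject": ((("commonName", "other.example.net"),),),
    "subjectAltName": (("DNS", "api.example.com"), ("DNS", "*.cdn.example.com")),
}
```

Name matching says nothing about the chain: the CA checks on intermediates, basicConstraints among them, belong to chain verification, which `CERT_REQUIRED` delegates to the TLS library.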

